Tuesday, 10 July 2018

Basic Principles of Information Security:

For over twenty years, information security has held confidentiality, integrity and availability (known as the CIA triad) to be the core principles. There is continuous debate about extending this classic trio. Other principles such as authenticity, non-repudiation and accountability are also now becoming key considerations for practical security installations.

• Confidentiality: Confidentiality means preventing the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred. Breaches of confidentiality take many forms, such as hacking, phishing, vishing, email spoofing, SMS spoofing, and sending malicious code through email or bot networks, as discussed earlier.

• Integrity: In information security, integrity means that data cannot be modified without authorization. This is not the same thing as referential integrity in databases. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when he/she is able to modify his/her own salary in a payroll database, when an employee uses programs to deduct small amounts of money from all customer accounts and add them to his/her own account (also called the salami technique), when an unauthorized user vandalizes a web site, and so on.

On a larger scale, if an automated process is not written and tested correctly, bulk updates to a database could alter data in an incorrect way, leaving the integrity of the data compromised. Information security professionals are tasked with finding ways to implement controls that prevent errors of integrity.

• Availability: For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.

• Authenticity: In computing, e-business and information security it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim they are.

• Non-repudiation: In law, non-repudiation implies one's intention to fulfill one's obligations under a contract or transaction. It also implies that a party to a transaction cannot deny having received or having sent an electronic record. Electronic commerce uses technology such as digital signatures and encryption to establish authenticity and non-repudiation.

In addition to the above, there are other security-related concepts and principles to consider when designing a security policy and deploying a security solution. They include identification, authorization, accountability, and auditing.

• Identification: Identification is the process by which a subject professes an identity and accountability is initiated. A subject must provide an identity to a system to start the process of authentication, authorization and accountability. Providing an identity can be typing in a username, swiping a smart card, waving a proximity device, speaking a phrase, or positioning a face, hand, or finger for a camera or scanning device. Providing a process ID number also represents the identification process. Without an identity, a system has no way to correlate an authentication factor with the subject.

• Authorization: Once a subject is authenticated, access must be authorized. The process of authorization ensures that the requested activity or access to an object is permitted given the rights and privileges assigned to the authenticated identity. In most cases, the system evaluates an access control matrix that compares the subject, the object, and the intended activity. If the specific action is allowed, the subject is authorized; otherwise, the subject is not authorized.

• Accountability and auditability: An organization's security policy can be properly enforced only if accountability is maintained, i.e., security can be maintained only if subjects are held accountable for their actions. Effective accountability relies upon the capability to prove a subject's identity and track their activities. Accountability is established by linking a human to the activities of an online identity through the security services and mechanisms of auditing, authorization, authentication, and identification. Thus, human accountability is ultimately dependent on the strength of the authentication process. Without a reasonably strong authentication process, there is doubt whether the human associated with a specific user account was actually the entity controlling that user account when an undesired action took place.
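The chain of identification, authentication, authorization and accountability described above, as an added Python example that is not part of the original page: the user names, passwords, payroll objects and matrix contents are constructed for illustration, and the access control matrix is a plain dictionary keyed by (subject, object). It walks the page's own payroll scenario, an employee being refused a write to his or her own salary record, and shows that every decision, including refused ones, lands in an audit log tied to the professed identity.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed sample credentials (plaintext only so the demo can log in).
SAMPLE_USERS = {"alice": "alice-pw", "bob": "bob-pw", "payroll_admin": "admin-pw"}

# Access control matrix: (subject, object) -> permitted activities.
# Constructed sample: staff may read their own payroll record but never write
# it, which blocks the "modify his own salary" integrity violation from the text.
ACCESS_MATRIX = {
    ("alice", "payroll/alice"): {"read"},
    ("bob", "payroll/bob"): {"read"},
    ("payroll_admin", "payroll/alice"): {"read", "write"},
    ("payroll_admin", "payroll/bob"): {"read", "write"},
}


def derive_key(password, salt):
    """Slow, salted password hash; only the derived key is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def build_credential_store(users):
    """username -> (salt, derived key). Plaintext passwords are discarded."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        store[name] = (salt, derive_key(password, salt))
    return store


class AccessGateway:
    """Identification -> authentication -> authorization, every step audited."""

    def __init__(self, credentials, matrix):
        self.credentials = credentials
        self.matrix = matrix
        self.audit_log = []  # accountability: each decision tied to an identity

    def _audit(self, subject, obj, action, outcome):
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "subject": subject, "object": obj,
            "action": action, "outcome": outcome,
        })

    def authenticate(self, username, password):
        # Identification: the professed username selects which credential
        # record the authentication factor is compared against. With no known
        # identity there is nothing to correlate, so the attempt is refused
        # (and still logged, so the failed claim is accountable too).
        record = self.credentials.get(username)
        if record is None:
            self._audit(username, "-", "login", "denied:unknown-identity")
            return False
        salt, expected = record
        ok = hmac.compare_digest(derive_key(password, salt), expected)
        self._audit(username, "-", "login",
                    "success" if ok else "denied:bad-credential")
        return ok

    def request(self, username, password, obj, action):
        """True only if the identity authenticates AND the matrix grants
        `action` on `obj`; denied requests are audited as well."""
        if not self.authenticate(username, password):
            return False
        allowed = action in self.matrix.get((username, obj), set())
        self._audit(username, obj, action,
                    "allowed" if allowed else "denied:not-authorized")
        return allowed


def build_demo_gateway():
    return AccessGateway(build_credential_store(SAMPLE_USERS), ACCESS_MATRIX)


def run_demo():
    """Walks the page's scenarios; returns (decisions, audit log)."""
    gw = build_demo_gateway()
    decisions = {
        "alice reads own record": gw.request("alice", "alice-pw", "payroll/alice", "read"),
        "alice edits own salary": gw.request("alice", "alice-pw", "payroll/alice", "write"),
        "admin edits alice salary": gw.request("payroll_admin", "admin-pw", "payroll/alice", "write"),
        "alice with wrong password": gw.request("alice", "wrong", "payroll/alice", "read"),
        "unknown identity": gw.request("mallory", "x", "payroll/bob", "read"),
    }
    return decisions, gw.audit_log


if __name__ == "__main__":
    decisions, log = run_demo()
    for name, ok in decisions.items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
    for entry in log:
        print(entry)
```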

IS AUDIT ...IT SECURITY


Introduction:

In the past decade, with the increased technology adoption by banks, the complexities within the IT environment have given rise to considerable technology-related risks requiring effective management.

This led the banks to implement an internal control framework based on various standards, their own control requirements and the current RBI guidelines. As a result, a bank's management and the RBI need assurance on the effectiveness of the internal controls implemented, and expect the IS Audit to provide an independent and objective view of the extent to which the risks are managed.

As a consequence, the nature of the Internal Audit department has undergone a major transformation, and IS audits are gaining importance as key processes are automated or enabled by technology. Hence, there is a need for banks to re-assess the IS Audit processes and ensure that IS Audit objectives are effectively met.

The scope of IS Audit includes:

• Determining the effectiveness of planning and oversight of IT activities

• Evaluating the adequacy of operating processes and internal controls

• Determining the adequacy of enterprise-wide compliance efforts related to IT policies and internal control procedures

• Identifying areas with deficient internal controls, recommending corrective action to address the deficiencies and following up to ensure that management effectively implements the required actions

The following areas are covered in this chapter:

• IS Audit: The organisation's structure, roles and responsibilities. The chapter identifies the IS Audit stakeholders and defines their roles, responsibilities and the competencies required to adequately support the IS Audit function

• Audit Charter or Policy (to be included in the IS Audit): This point addresses the need to include IS Audit as a part of the Audit Charter or Policy

• Planning an IS Audit: This point addresses planning for an IS Audit using a risk-based audit approach. It begins with an understanding of IT risk assessment concepts and methodology, and defines the IS Audit universe, scoping and planning of the audit execution

• Executing an IS Audit: This describes the steps for executing the audit, covering activities such as understanding the business process and IT environment, refining the scope and identifying internal controls, testing for control design and control objectives, appropriate audit evidence, documentation of work papers, and conclusions of the tests performed

• Reporting and Follow-up: Describes the audit summary and memorandum, the requirements for discussing findings with management, finalising and submitting reports, carrying out follow-up procedures, archiving documents and ensuring continuous auditing

• Quality Review: This addresses the quality aspects which ensure supervision and the exercise of due care.

Information and network security very important


Introduction:

Information and the knowledge based on it have increasingly become recognized as ‘information assets’, which are vital enablers of business operations. Hence, they require organizations to provide adequate levels of protection. For banks, as purveyors of money in physical form or in bits and bytes, reliable information is even more critical and hence information security is a vital area of concern.

Robust information is at the heart of risk management processes in a bank. Inadequate data quality is likely to induce errors in decision making. Data quality requires building processes, procedures and disciplines for managing information and ensuring its integrity, accuracy, completeness and timeliness. The fundamental attributes supporting data quality should include accuracy, integrity, consistency, completeness, validity, timeliness, accessibility, usability and auditability. The data quality provided by various applications depends on the quality and integrity of the data upon which that information is built. Entities that treat information as a critical organizational asset are in a better position to manage it proactively.

Information security deals not only with information in its various forms (spoken, written, printed, electronic or any other medium) but also with the handling of information in terms of creation, viewing, transportation, storage or destruction. This is in contrast to IT security, which is mainly concerned with the security of information within the boundaries of the network infrastructure technology domain. From an information security perspective, the nature and type of compromise is not as material as the fact that security has been breached.

To achieve effective information security governance, bank management must establish and maintain a framework to guide the development and maintenance of a comprehensive information security programme.



BUSINESS CONTINUITY PLANNING ..IT SECURITY

BUSINESS CONTINUITY PLANNING



Introduction

The pivotal role that the banking sector plays in economic growth and stability, both at the national and individual level, requires continuous and reliable services. The increased contribution of 24x7 electronic banking channels has increased the demand to formulate consolidated Business Continuity Planning (BCP) guidelines covering critical aspects of people, process and technology.

BCP forms a part of an organisation's overall Business Continuity Management (BCM) plan, which is the "preparedness of an organisation". It includes the policies, standards and procedures to ensure continuity, resumption and recovery of critical business processes at an agreed level, to limit the impact of a disaster on people, processes and infrastructure (including IT), and to minimise the operational, financial, legal, reputational and other material consequences arising from such a disaster.

Effective business continuity management typically incorporates business impact analyses, recovery strategies and business continuity plans, as well as a governance programme covering a testing programme, a training and awareness programme, and a communication and crisis management programme.

Roles, Responsibilities and Organisational Structure

Board of Directors and Senior Management

A bank's Board has the ultimate responsibility and oversight over the BCP activity of the bank. The Board approves the Business Continuity Policy of the bank. Senior Management is responsible for overseeing the BCP process, which includes:

• Determining how the institution will manage and control identified risks

• Allocating knowledgeable personnel and sufficient financial resources to implement the BCP

• Prioritizing critical business functions

• Designating a BCP committee which will be responsible for Business Continuity Management

• Annually reviewing the adequacy of the institution's business recovery and contingency plans and the test results, and putting up the same to the Board

• Evaluating the adequacy of contingency planning and its periodic testing by service providers whenever critical operations are outsourced

• Ensuring that the BCP is independently reviewed and approved at least annually

• Ensuring employees are trained and aware of their roles in the implementation of the BCP

• Ensuring the BCP is regularly tested on an enterprise-wide basis

• Reviewing the BCP testing programme and test results on a regular basis, and

• Ensuring the BCP is continually updated to reflect the current operating environment


COMPANIES & PARTNERSHIP ACT
1. A modification of charge under Section 125 of the Companies Act, 1956, is registered by using which Form Nos.? Form Nos. 8 & 13. The revised system for registration of a charge with the ROC is through electronic mode – MCA 21 (e-filing).
2. While granting advances to a company with a charge created on securities which require registration under Section 125, what is to be seen as a banker? As a banker, we should ensure that there is no prior charge on the same securities by inspecting the register of mortgages and charges at the office of the Registrar of Companies.
3. Under Section 125 of the Companies Act, a charge created by a joint stock company is required to be
STAMP ACT
1. Under the Indian Stamp Act, stamping is required on a demand promissory note, usance bill of exchange, LC, bill of lading, debentures, transfer of LIC policy, proxy, receipt, etc.
2. In the case of demand bills, stamp duty is not payable.
3. Stamp duty chargeable has been waived by the Government in respect of usance bills in the following cases:
• arising out of genuine trade transactions;
• which are payable not more than 3 months after date or sight;
• which are drawn on or in favour of commercial/cooperative banks/SIDBI.
4. Stamp duty for AOD (CBRL), indemnity, EQM, registered mortgage, lease deed, agreement, sale deed, etc. is determined by the State laws.
5. An under-stamped agreement can be set right by:
CONTRACT ACT
1. A mandate may not continue to be operative in cases of death of the agent, lunacy of the agent, insolvency of the agent, etc.
2. The term "Power of Attorney" refers to an instrument by which one person, i.e. the agent, acts on behalf of another, i.e. the principal.
3. Your customer Mr. Qureshi had executed a power of attorney in favour of Mr. Ahmed, who operates the account. You received a notice of the death of Mr. Qureshi when a cheque signed by Mr. Ahmed is presented for payment. Can the cheque be paid? The cheque should not be paid (the principal has died – the authority is derived from the principal).
4. Mr. Modi maintains a current account in your branch which is operated by Mr. Jain, in whose favour Mr. Modi has executed a Power of Attorney. A notice about the death of Mr. Jain is received.
COPRA & OMBUDSMAN
1. Under COPRA 1986, what is the limit up to which the State Forum can handle cases? Above 20 lakhs and up to 100 lakhs.
2. What is the structure of the consumer disputes redressal forum? A three-tier system.
3. Limitation for filing a complaint under COPRA from the date of cause of action is: within 24 months.
4. If a consumer is aggrieved with the verdict of the National Commission under the CP Act, can he appeal? YES. He can appeal to the Supreme Court.
5. Under COPRA, a consumer can file a case at the National Commission if the compensation claimed exceeds: Rs. 100 lakhs.
DRT MATTERS
1. The normal cut-off limit to file an application in the DRT shall be Rs. 10 lakhs and above.
2. Where the cases before the Debt Recovery Tribunal are decided, the Tribunal awards a Certificate of Recovery (RC – Recovery Certificate).
3. The appeal on a DRT judgment is to be filed at the Appellate Tribunal at the respective centres.
4. Can already decreed accounts in various courts be transferred to the DRT? YES, where the EP amount reaches Rs. 10 lakhs and above.
5. Cases before the DRT are presented by an empanelled advocate.
LIMITATION ASPECTS
1. The Law of Limitation bars only the right and not the remedy (e.g. the right to sell the seized goods or pledged goods, the right of set-off, etc. can be resorted to in time-barred accounts).
2. The number of times an AOD can be obtained from the borrower without getting a fresh set of documents: no such stipulation.
3. Limitation period for applying for a final decree: three years (from the date given / expiry of the time given in the preliminary decree).
4. The limitation period in the case of guarantees obtained by the bank from the borrower is:
is not renewed
5. An AOD obtained after expiry of the pronote is not valid.
LOK ADALAT:
1. Lok Adalats can handle the following disputes: fresh disputes not pending with courts, and disputes on which suits are pending in the court.
2. On the award made by the Lok Adalat, no appeal is provided.
3. Execution of the award of the Lok Adalat can be done by the Civil Court.
4. Lok Adalat is a legal authority under the Legal Services Authority Act, 1987.
5. When a dispute is under consideration of the Lok Adalat, there is no change in the limitation period.
6. Lok Adalat is organised for settling the disputes in respect of all commercial banks.
7. The cases to be referred to Lok Adalat are all recovery cases wherein the borrower has expressed his
SECURITISATION & RECONSTRUCTION OF FINANCIAL ASSETS AND ENFORCEMENT OF SECURED ASSETS ORDINANCE 2002 - SARFAESI Act - 2002
1. Is it necessary to classify the account as NPA for initiating action under the Act? YES.
2. The above Act is applicable in respect of debts due to Nationalised Banks only.
3. The provisions of the Act are applicable in respect of all NPA a/cs with liability above Rs. 1 lac.
4. Enforcement is not possible under this Act in respect of time-barred debts, where the present liability is less than 20% of principal + interest, and where the secured asset is agricultural land.
5. Is limitation suspended or saved while proceeding under the Act? No.
6. Movables seized under this Act have to be valued by a valuer on the panel approved by the Board of the Bank.
SARFAESI ACT
• The Act has two parts: the first part deals with securitisation and reconstruction of financial assets, and the other part with enforcement of security interest.
• Eligible assets under the Act may be enforced without the intervention of a court or tribunal, following the procedure laid down under the Act.
• If the party fails to deposit the amount, possession of the charged/secured assets is obtained by the bank under section 13(4) of the Act. Publication of the possession notice within 7 days is mandatory.
• No secured creditor shall exercise any right unless the exercise of such right is agreed upon by the secured creditors representing not less than 3/4th in value of the amount outstanding.
• If the borrower prevents the bank from taking physical possession of the secured assets, a petition is filed under section 14 of the Act before the CMM/DM praying for physical possession of the assets.
• No action is taken before 45 days of taking possession, as 45 days' time is given under the Act to appeal against the action of the bank.
• An appeal to the DRT can be filed by the party only after possession of the assets is taken, under section 17 of the Act. Thereafter an appeal can also be filed with the DRAT under section 18 of the Act. The civil court does not have jurisdiction to entertain any suit under the provisions of the Act.
• Secured assets can be disposed of/sold by giving 30 days' notice to the parties concerned, followed by 30 days' publication of the sale through an auction/tender notice of these assets in a vernacular newspaper and a national daily.
• 60 days' notice is served under section 13(2) of SARFAESI.
• Action is taken for dues exceeding Rs. 1 lakh.
• Agricultural land and leasehold property cannot be enforced.
• An appeal is made within 45 days of possession of the secured asset.
• 30 days' notice is served indicating therein the sale of the asset.
• 30 days' publication is made for the auction of secured assets.
• Possession of property is obtained under section 13(4) of the SARFAESI Act.
• Publication of possession of property: within 7 days from the date of possession.
• The SARFAESI Act 2002 does not apply to the following assets:
A – a lien on any goods, money or security.
B – a pledge of movables.
C – creation of any security in any aircraft or vessel.
D – any property that cannot be attached under any other law.
E – any security interest for securing repayment of any financial asset not exceeding Rs. 1 lac.
F – any case in which the amount due is less than 20% of the principal amount.
G – any interest created in agricultural land.

Negotiable instruments act

NEGOTIABLE INSTRUMENTS ACT
1. Which Sections contain the provisions relating to bouncing of cheques? Sections 138 to 147 of the NI Act.
2. What are the characteristics of a negotiable instrument? a) It must be transferable by delivery, and b) it must enable the holder to sue in his own name.
3. Who is the holder in the context of negotiable instruments? The holder is the person who is entitled to the possession of the instrument and to receive the amount of the instrument in his own name.
4. A cheque dated 3rd Jan 2005 bears the striking out of the pre-printed year "19"; can it be passed? YES. The striking out need not be authenticated and the cheque can be passed.
5. Is protection available to the paying banker in the case of a cheque where the drawer's signature is forged? No.

Banking sector IT guidelines

Banking Sector IT Guidelines
The Reserve Bank of India issued new guidance in April 2011 for banks to mitigate the risks of the use of information technology in banking operations. The RBI guidelines are the result of the Working Group's recommendations on information security, electronic banking, technology risk management and cyber fraud. The Working Group was formed under the chairmanship of G. Gopalakrishna, the executive director of RBI, in April 2010. The guidance is largely driven by the need to mitigate cyber threats emerging from the increasing adoption of IT by commercial banks in India.
Recommendations are made in nine broad areas, including:
1. IT Governance: emphasizes IT risk management accountability on a bank's board of directors and executive management. Focus includes creating an organizational structure and process to ensure that a bank's IT security sustains and extends business strategies and objectives.
2. Information Security: maintaining a framework to guide the development of a comprehensive information security program, which includes forming a separate information security function to focus exclusively on information security and risk management, distinct from the activities of an information technology department. These guidelines specify that the chief information security officer needs to report directly to the head of risk management and should not have a direct reporting relationship with the chief information officer.
3. IT Operations: specialized organizational capabilities that provide value to customers, including IT service management, infrastructure management, application lifecycle management and an IT operations risk framework.
4. IT Services Outsourcing: places the ultimate responsibility for outsourcing operations and management of the inherent risk in such relationships on the board and senior management. Focus includes effective selection of the service provider, monitoring and control of outsourced activities, and risk evaluation and management.
5. Information Security Audit: the need for banks to re-assess IS audit processes and ensure that they provide an independent and objective view of the extent to which the risks are managed. This topic focuses on defining the roles and responsibilities of the IS audit stakeholders and the planning and execution of the audit.
6. Cyber Fraud: defines the need for an industry-wide framework on fraud governance with particular emphasis on tackling electronic channel based frauds. Focus includes creating an organizational structure for fraud risk management and a special committee for monitoring large value fraud.
7. Business Continuity Planning: focuses on policies, standards and procedures to ensure continuity, resumption and recovery of critical business processes. This topic also emphasizes implementing a framework to minimize the operational, financial, legal, reputational and other material consequences arising from such a disaster.
8. Customer Education: the need to implement a consumer awareness framework and programs on a variety of fraud related issues.
9. Legal Issues: defines the need to put effective processes in place to ensure that legal risks arising from cyber laws are identified and addressed at banks. It also focuses on the board's consultation with the legal department on steps to mitigate business risks within the bank.

Monday, 9 July 2018

Types of Charges : Very simple way

Purpose and various types of charges:
1. Pledge - It is used when the bank (or lender, known as the pledgee) takes actual possession of the securities, such as goods, certificates, gold, etc. (you provide them to the bank to avail the loan), which are generally movable in nature.

The bank keeps the securities with itself and provides the loan to you. The bank will return the securities (possession of the goods) to you (the borrower, known as the pledgor) after you repay all the debts (i.e., the loan) to the bank. In case you are unable to pay back, the bank has the right to sell the assets and recover the loan amount (with interest).
Example - Gold loans, jewellery loans, warehouse finance.
2. Hypothecation - It is used when you (the borrower) have actual possession of the asset for which you have taken the loan. Generally, this charge is created against loans for movable assets, like a car, bus, etc. (i.e., vehicle loans). Here, the assets (bus, car, etc.) remain with you, and they are hypothecated to the bank for the loan granted. In case you are unable to repay the loan amount, the bank has the right to sell the asset (bus, car, etc.), which is possessed by you, and recover the total amount (with interest).
Example - Car loans, bus loans, etc.
3. Mortgage - It is used when you (the borrower) have actual possession of the assets for which you are granted the loan (e.g., a house loan), or against which you are granted the loan (e.g., a house mortgaged). Mortgaged assets are generally those which are permanently attached to the Earth's surface, like a house, land, factory, etc. In case you are unable to repay the loan amount, the bank has the right to seize and sell the mortgaged asset and recover the loan amount (with interest).

Large Exposures Framework full details

Large Exposures Framework

1. Introduction

1.1 A bank’s exposures to its counterparties may result in concentration of its assets to a single counterparty or a group of connected counterparties. As a first step to address the concentration risk, the Reserve Bank, in March 1989, fixed limits on bank exposures to an individual business concern and to business concerns of a group. RBI’s prudential exposure norms have evolved since then and a bank’s exposure to a single borrower and a borrower group is currently restricted to 15 percent and 40 percent of capital funds respectively. A comprehensive policy framework on the subject is consolidated in the Master Circular – Exposure Norms/Master Direction - Prudential Norms on Banks’ Exposures.

1.2 In January 1991, the Basel Committee on Banking Supervision (BCBS) issued supervisory guidance on large exposures, viz., Measuring and Controlling Large Credit Exposures. Further, the Core Principles for Effective Banking Supervision (Core Principle 19), published by BCBS in October 2006 (since revised in September 2012), prescribed that local laws and bank regulations set prudent limits on large exposures to a single borrower or a closely related group of borrowers. In order to foster convergence among widely divergent national regulations on dealing with large exposures, the BCBS issued the Standards on ‘Supervisory framework for measuring and controlling large exposures’ in April 2014. The Reserve Bank has decided to suitably adopt these standards for banks in India and, accordingly, the instructions on banks' Large Exposures (LE) are described in the following paragraphs.

LARGE EXPOSURES FRAMEWORK (LEF)

The following write-up on the Large Exposures Framework (LEF) is based on RBI Notification No. RBI/2016-17/167 DBR.No.BP.BC.43/21.01.003/2016-17 dated December 1, 2016. Candidates are advised to refer to the Notification for additional details.

In order to align the exposure norms for Indian banks with the BCBS standards, RBI laid down the guidelines on the Large Exposures Framework on December 1, 2016. The guidelines are aimed at a significant tightening of the norms pertaining to concentration risks of banks, especially in relation to large borrowers. The guidelines come into effect from April 1, 2019.

A large exposure is defined as any exposure to a counterparty or group of connected counterparties which is equal to 10 per cent of the bank’s eligible capital base (defined as Tier-I capital).

LARGE EXPOSURE LIMITS

Single Counterparty: The sum of all the exposure values of a bank to a single counterparty must not be higher than 20 percent of the bank’s available eligible capital base at all times. In exceptional cases, the Board of a bank may allow an additional 5 percent exposure of the bank’s available eligible capital base. Banks shall lay down a Board-approved policy in this regard.

Groups of Connected Counterparties: The sum of all the exposure values of a bank to a group of connected counterparties, as defined below, must not be higher than 25 percent of the bank’s available eligible capital base at all times.

Information Technology (Amendment) Act, 2008 full details

Information Technology (Amendment) Act, 2008
BRIEF HISTORY
The Indian Information Technology Act 2000 (“Act”) was based on the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law[1]; the suggestion was that all States intending to enact a law for the impugned purpose give favourable consideration to the said Model Law when they enact or revise their laws, in view of the need for uniformity of the law applicable to alternatives to paper-based methods of communication and storage of information. Thus the Act was enacted to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to traditional or paper-based methods of communication and storage of information, and to facilitate electronic filing of documents with Government agencies. It was also considered necessary to give effect to the said resolution and to promote efficient delivery of Government services by means of reliable electronic records. The Act received the assent of the President on the 9th of June, 2000.

The Act was subsequently and substantially amended in 2006 and again in 2008 citing the following objectives:
• With the proliferation of information technology enabled services such as e-governance, e-commerce and e-transactions, the protection of personal data and information and the implementation of security practices and procedures relating to these applications of electronic communications have assumed greater importance, and they require harmonization with the provisions of the Information Technology Act. Further, protection of Critical Information Infrastructure is pivotal to national security, the economy, public health and safety, so it has become necessary to declare such infrastructure as a protected system so as to restrict access to it.
• The rapid increase in the use of computers and the internet has given rise to new forms of crime, like publishing sexually explicit material in electronic form, video voyeurism, breach of confidentiality and leakage of data by intermediaries, e-commerce frauds like personation (commonly known as phishing), identity theft and offensive messages sent through communication services. So, penal provisions are required to be included in the Information Technology Act, the Indian Penal Code, the Indian Evidence Act and the Code of Criminal Procedure to prevent such crimes.
• The United Nations Commission on International Trade Law (UNCITRAL) in the year 2001 adopted the Model Law on Electronic Signatures. The General Assembly of the United Nations, by its resolution No. 56/80 dated 12th December, 2001, recommended that all States accord favourable consideration to the said Model Law on Electronic Signatures. Since digital signatures are linked to a specific technology under the existing provisions of the Information Technology Act, it has become necessary to provide for alternative technologies of electronic signatures to bring the Act into harmony with the said Model Law.
• Service providers may be authorized by the Central Government or the State Government to set up, maintain and upgrade the computerized facilities, and also to collect and retain appropriate service charges for providing such services at such a scale as may be specified by the Central Government or the State Government.

Sunday, 8 July 2018

Today's KYC/AML recollected questions

KYC/AML recollected questions 8-7-18

The paper was difficult and twisted.

Recollected questions:
• Periodicity of risk categorization
• Stages of money laundering (almost 4 questions of 2 marks)
• Designated director is designated by whom?
• PMLA amendments (almost 4 questions)
• STR
• CCR
• Period of retention of transactions
• Which bank is not included in the Wolfsberg Group banks
• Responsibility of the board of directors and the PO
• Reporting entity
• "Transaction" means
• "Person" means
• Which countries need permission to open an account
• Egmont Group
• Which laws are in USA legislation
• Act related to Australia
• Freezing of assets: the power lies with whom?
• FIU-IND (2-3 questions)
• Social impact of money laundering
• Which is not a stage in money laundering
• Multiple-tier account
• PEP
• Updation of KYC policy
• CKYCR assigns the identifier of whom?
• Legislation supporting AML measures
• Shell bank
• Elements of KYC policy
• Stages of CIP
• Simplified due diligence
• Utility bill
• Proprietary firm
• Small ac