My first Publication ocbc_ar17_fullreport_english | Page 55

COMBATING FINANCIAL CRIMES
AND CYBER THREATS
RESPONSIBLE BUSINESS PRACTICES
WHY THIS IS MATERIAL TO US
We are required to comply with the notices issued by the Monetary Authority of Singapore (MAS), Bank Negara Malaysia, Indonesia’s
Financial Services Authority, the China Banking Regulatory Commission, the Hong Kong Monetary Authority and other regulators
in the markets in which we operate for the prevention of money laundering and countering the financing of terrorism. We take cyber
security seriously. This is imperative given that cyber attacks, which have risen in volume and intensity globally, raise data privacy
concerns and have the potential to disrupt essential banking services.
MANAGEMENT AND EVALUATION OTHERS
We adopt a holistic approach to ensure that all
risks relating to money-laundering, financing of
terrorism and cyber security are properly managed,
mitigated and reported. To tackle the increasing scale and complexity of anti-money
laundering (AML) monitoring, OCBC is among the first Singapore
banks to tap artificial intelligence (AI) and machine learning
to enhance the detection of suspicious activity. The use of
this technology will significantly increase OCBC’s operational
efficiency and accuracy in this area.
SELECTED POLICIES
OCBC Anti-Money Laundering/Countering the
Financing of Terrorism (AML/CFT) Framework
Incorporates regulatory requirements under
MAS Notice 626 and aligns with international
and industry AML/CFT standards
OCBC Cyber Risk and Resilience Policy
Incorporates regulatory requirements and
aligns with international industry guidance
on cyber resilience
SELECTED PRACTICES
 OCBC AML/CFT Programme
Ensures compliance with sanctions and performance
of customer due diligence
 OCBC Cyber Risk Awareness and
Social Engineering Testing Programme
Educates all employees about cyber threats and
continuously improves employee vigilance to guard
against changing cyber threat landscape
 OCBC Cyber Defence Programme
Continuously monitors network for cyber threats
through a 24-hour Cybersecurity Operations Centre,
with constant upgrades of our cyber defence capabilities
 OCBC Business Continuity and
Crisis Management Programme
Ensures minimal disruption of essential banking
services during times of crisis, including cyber attacks,
and raises employee crisis management capabilities
Group Legal and Regulatory Compliance regularly
updates the Board and Management on the AML/CFT
programme with a range of key risk indicators, trends,
typologies and developments.
Please refer to AML/CFT Risk Management and Technology,
Information and Cyber Risk Management on page 94.
OCBC is in an extended proof of concept, pre-implementation
phase for the technology developed by fintech start-up ThetaRay.
Upon its successful conclusion, OCBC targets to begin fully
implementing the technology, which will run in parallel with
its existing transaction monitoring system, in the second
quarter of 2018.
PERFORMANCE AND TARGETS
OCBC has established performance metrics to track staff training
attendance as well as breaches of security or applicable laws and
regulations. These metrics are monitored and reviewed closely.
100 %
SOCIAL ENGINEERING TESTING CONDUCTED AMONG
EMPLOYEES TO RAISE VIGILANCE ABOUT CYBER THREATS
Note: Testing includes employees in Singapore, Malaysia, China,
Hong Kong and our other network markets
100 %
COMPLETION OF MANDATORY BIENNIAL AML AND
CFT TRAINING AND ASSESSMENT
Note: The training performance includes employees in Singapore,
Malaysia and our other network markets
100 %
OF THE FEW CUSTOMER PRIVACY BREACHES WERE
RESOLVED SATISFACTORILY
We will strive to maintain our good track record as we
continuously enhance our capabilities in combating financial
crimes and cyber threats.
BUILDING ON OUR CORPORATE STRATEGY FOR SUSTAINABLE GROWTH
53