Partners & Associations

Clients Served

CTSS BUSINESS PROCESS AND IT SECURITY & CONTROLS USE CASES

Client 1: 

Large Global Financial Institution 

Project: 

Privacy Review of the Consumer Credit data with reference to the HKMA IC-6 and 
Personal Data Privacy Ordinance (PDPO). 

Nature: 

The bank had run into issues in their internal process and handling of the consumer credit 
data, potentially flouting regulatory requirements. Complaints from the banks customers 
had risen to the regulators and subsequent handling had drawn closer scrutiny. As part of 
the remediation efforts of the bank, CTSS was invited to perform an independent 
assessment. 

How we helped: 

We helped the bank assess the current handling of consumer credit data by the respective 
teams and departments for it’s consumer credit retail products and their compliance to 
regulatory requirements. Areas covered include: 

• End-to-end process review of each retail product, from both a process flow and data flow

• Compliance to the regulatory requirements of HK IC-6 and PDPO

• Technical review of relevant systems to assess security and access and compliance to requirements

• Provide a report detailing the findings and recommendations, presenting to the Executive Board areas where the bank still needed additional effort to meet compliance to the banking regulations. 

Client 2: 

Fortune 50 Commodities Company 

Project: 
IT security and certification review. 

Nature: 

A review of the key global offices/operations of the group to assess the current state of IT 
security across the organization based on the ISO 27001 and PCI-DSS Standards, and industry and global framework for information security management. 

How we helped: 

The group had grown rapidly over the recent years and the pace of growth at each region 
varied. Similarly IT and it’s operations had developed at varying speeds and in different 
directions. We helped the group assess the current state of IT operations and security and 
also at key IT applications within those regional operations identifying areas of strengths 
and also deficiencies, either common or unique. We identified the challenges faced by IT and management, issues ranging from IT strategy, to IT operations and policies and standards and suggested a roadmap for remediation. 

Client 3: 

Large Global Financial Institution 

Project: 

Reviewed and implemented regional Business Continuity Management. 

Nature: 

In preparation for H1N1 pandemic and the need for a review and testing of their internal 
Business Continuity Plan processes, engaged us to review their current 
BCM :methodology. 

How we helped: 

We reviewed Company’s Business Continuity Processes, as well as their Disaster 
Recovery processes. As part of this process we helped them to implement the following 
risk controls: 

• Dynamic call tree system so that everyone in a call-tree chain is aware of who 
has been contracted, their health status and availability

• Reviewed business impact analysis for each line of business, to ensure that Management was aware of the level of risk and the likelihood of risk that might occur

• Conducted an on-site review live review of BCP/DRP processes at the business 
continuity sites and the disaster recovery sites

• Worked with Company’s internal IT to design a system to provide 24/7/365 
secure remote access to priority system for all key personnel. As part of the 
design and review,  confirmed and tested access links and ensured that the 
proper security controls were in place and monitored. 

Client 4: 

Regional Bank 

Project: 
Assessment for the Day-End process of the ATM System 

Nature: 
A review of the banks IT operations and technical environment supporting the day-end 
operations of the ATM system and operations and procedures supporting the 
reconciliation process. 

How we helped: 

The bank had run into problems in their current day-end process of the ATM system 
where a limited few account balances were showing abnormal values. We helped the 
bank by reviewing their current operations and business processes of the main banking systems 
supporting the day-end and ATM reconciliation processes. We identified areas that the 
bank could consider to improving and adopting to mitigate the risk of a repeat of such 
instances.

Areas identified for improvement include: 
• IT operations – system and operation processes and enhancements

• Reconciliation operations – system reports and reconciliation processes improvements. 

Client 5: 

Global Insurance Company 

Project: 

Implementation of Variable Annuity (VA) Hedging Solution. As part of the engagement we 
conducted a thorough current state assessment which reviewed core system, data interfaces
between systems, data governance and data stewardship. 

Nature: 

In order to plan for implementing a comprehensive system to evaluate risk for Samsung, 
we reviewed the following aspects of their data stewardship process: 

• Data architecture and analysis 
• Data security management including encryption and single signon processes 
• Metadata management 
• Reference and Master data management 
• Data quality Improvement 
• Unstructured data management 

How we helped: 

Our process review helped SLI understand a number of complex aspects of VA 
deployment in their environment. In particular, we were able to provide guidance in the 
following areas: 

• Highlight areas of weakness in their data cleaning and loading process which 
would help them to reduce the lead-time for loading inForce policy data into the 
VA system by 30% saving them 4 hours(duration) per work-day

• Incorporate data encryption techniques during data transmission to eliminate 
possible leakage of sensitive inForce data

• Implement role-based security access to inForce data to ensure access to data 
was managed according to business requirements and in a way that was 
measured and verifiable. 

Client 6: 

Global Financial Institution 

Project:

Project Advisory Services for Implementing a new Chart of Accounts (CoA) on Oracle Applications 

Nature: 

The bank was replacing its legacy general ledger systems with Oracle's General Ledger and 
Financial Consolidation Hub modules over the course of the 18 months, involving major 
changes to: 

• chart of accounts (CoA) design, 
• integration of some 40+ banking source systems with the Oracle Applications, 
• deployment of the system in Hong Kong and the mainland. 
• existing management reports across the entire bank. 

How we helped: 

Given the project's complexity and the potential impact on the entire bank, We were engaged to perform end-to-end advisory services on the project from day one. We worked closely with the project team to monitor, assess and advise on project and quality issues from planning, requirement definition, design, development, testing, acceptance, rehearsal to going live in HK and rollout to mainland branches.