
Commonwealth Bank Data Breach: Risk Management Failure

   

Added on  2023-06-10

Running head: INFORMATION SYSTEMS FOR BUSINESS PROFESSIONAL
Information Systems for Business Professional: Annotated
Bibliography
Name of Student-
Name of University-
Author’s Note-
Assignment 1
Annotated Bibliography
Introduction
The Commonwealth Bank failed to act on suspicions that the Intelligent Deposit Machines (IDMs) network was facing a data breach. The network of IDMs was used by drug syndicates to take millions and millions of dollars. Austrac (Australian Transaction Reports and Analysis Center), a financial intelligence agency, said that it is suing the Commonwealth Bank under money laundering and counter-terrorism-financing laws for all the 53,700 data breaches that have taken place.
This case study deals with the use of IDMs (Intelligent Deposit Machines), a type of Automated Teller Machine that was launched in the year 2012. These IDMs allow customers to deposit as well as transfer cash anonymously at any time, even when the banks are closed. The Commonwealth Bank was not able to provide a detailed report to Austrac about the loss of about $77 million in suspicious transactions that took place in the data breach. Even when the bank came to know about the money laundering in its IDMs, Commonwealth Bank failed to take the necessary steps for mitigating and managing the associated risk.
Commonwealth Bank came to know about the suspicious account hack in May 2015 itself. But the organization failed to take proper actions to alert the authorities about the big transactions that were taking place. All such risk management steps that the Commonwealth Bank failed to take are explained in this report. Even after identifying the unusual transaction patterns taking place in some accounts, the officials still did not inform the authorities and allowed all transactions. Details about what could have been done during the data breach are explained in this report.
Knaus, C. (2017). Commonwealth Bank accused of money laundering and terrorism-financing breaches. [online] the Guardian. Available at: https://www.theguardian.com/australia-news/2017/aug/03/commonwealth-bank-accused-of-money-laundering-and-terrorism-financing-breaches [Accessed 25 Jul. 2018].
The Commonwealth Bank has started using Intelligent Deposit Machines (IDMs), launched in the year 2012, which are similar to Automated Teller Machines (ATMs). An IDM is actually a high-speed machine with a large cash deposit capacity. According to Knaus (2017), an IDM has extra features such as banknote validation and can sort cash or track it by serial number. Intelligent Deposit Machines offer many advantages:
- Provides self-service reinvention for all financial institutions.
- Reduces cost compared to ATMs and is also more efficient than ATMs.
- IDMs usually use new technology that helps to drive value-added services and improves the customer's experience of using the machine.
- The IDM channel is central to the banks, and so the banks are opting for IDMs. This is done so that the work becomes self-service and can all be done automatically.
- Intelligent Deposit Machines generate streams of new revenue.
In the month of April 25, Commonwealth Bank came to know about the suspicious money transfers and the repeated, connected patterns in all the cash that was deposited. But the bank
took no initiative on preventive measures (Question 1). Even after its suspicions, Commonwealth Bank continued all the transactions of the individuals on the accounts. But the suspects were arrested on January 19, 2015 (Question 2). The Commonwealth Bank failed to show the details of the reports commonly known as Threshold Transaction Reports. Almost 95% of the threshold transactions occurred in the bank between November 2012 and September 2015.
In this article, Austrac stated that the Commonwealth Bank failed to address the risk management factors for the IDMs with respect to money laundering or terror financing before the year 2012. CBA (Commonwealth Bank of Australia) took no steps to stop the terror financing or money laundering risk until 2015. Only after three years did it take preventive measures to mitigate the risks.
Isaca.org. (2015). [online] Available at: https://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf [Accessed 25 Jul. 2018].
COBIT stands for Control Objectives for Information and Technology. COBIT provides good practice across all domains of an organization, and the processes of all the frameworks included in the Commonwealth Bank are involved in COBIT. COBIT also presents activities in a manageable and logical structure. The COBIT used in Commonwealth Bank involves good practice that represents expert consensus (Question 3). COBIT focuses strongly on control of the process rather than on execution. As stated by Isaca.org, the practices in COBIT help to optimize the investments in IT-enabled practices that ensure service delivery, and also provide a measure of the things that go wrong in the bank.
For information technology to succeed in delivering all the business requirements of the Commonwealth Bank, the bank should provide a framework or an internal control system in the organization. There are many reasons for CBA to have a COBIT control framework in the organization. The needs are stated below:
- Making a link to business requirements.
- Organizing the IT activities in a process model.
- Identifying the major IT resources that are to be leveraged.
- Defining the management control objectives that are to be considered.
The CBA business orientation in COBIT includes linking the business goals with maturity models for measuring achievement, as well as identifying all responsibilities of the business and the owners of the IT process.
The main aim of using the AML/CTF guide is to help the bookmakers meet the requirements of the AML/CTF Act (Anti-Money Laundering and Counter-Terrorism Financing Act 2006) and the AML/CTF Rules (Anti-Money Laundering and Counter-Terrorism Rules Instrument 2007) (Question 2). Money laundering is a process in which criminals try to hide the origin or the true ownership of the proceeds of criminal activities so that they can avoid prosecution, confiscation, and conviction. So, these acts and rules were needed by CBA.