Demand is on the rise for cold storage vault services for cryptocurrency. As CIT and vault providers work to meet the demand, they are facing risks that are at once similar and very different from those they encounter with their cash services.
As a vault or transport provider, how well do you understand the risks of cold storage?
Our latest slideshow highlights 7 components of a risk assessment for cold storage providers of cryptocurrency. It looks at the following:
- The right safe for the job
- Control of digital threats
- Control of physical threats
- Identity verification
- Dual controls
- Access logs
- Procedural integrity
Flip through the slideshow here:
To learn more about custodial crypto transportation and storage, we invite you to download our whitepaper, Custodial Crypto Transportation and Storage: Understanding and Mitigating the Risks.
Interactive Teller Machines (ITMs) present a win-win for customers and banks alike. These machines offer new levels of automation, allowing banks to efficiently deliver a wide range of banking services. ITMs free up teller lines for higher level services, allowing customers to take care of basic needs on their own. ITMs bring new levels of convenience for customers who are increasingly comfortable with digital banking services.
ITMs also open up new opportunities for CIT carriers who are able to step up to the demands of servicing a more complex machine. That said, the details of ITM servicing cause concern and complexity. Consider the placement of the ITMs. While convenient for customers, their placements often put carriers at increased risk of attack. Not to mention the time it takes to service an ITM, which is significantly longer than a traditional ATM. These longer service windows also add to a carrier’s risk.
Our latest slideshow resource sheds light on emerging risks CIT carriers face as they look to expand their banking relationships to handle ITM servicing.
Flip through the presentation here:
A High Reliability Organization (HRO) is one that achieves desired outcomes consistently, despite operating in a highly complex environment characterized by high risks. It learns from its failures, even those unanticipated, and uses them to improve over time.
Could the Cash Processing and Transport System (CPTS) operate like an HRO? Let’s begin by determining if CPTS shares the characteristics of an HRO. … Continue reading
In today’s integrated financial services system, Cash-in-Transit (CIT) service providers face new challenges in theft and fraud prevention. Traditional approaches to internal controls may leave risky gaps where CIT vendors and their banking customers intersect. Upgrading—and redesigning—these controls so that partners interpret outcomes accurately, and in the same way, is necessary to raise the adequacy of protections against theft and fraud risks.
The Office of the Comptroller of the Currency (OCC) has made it clear that banking institutions are ultimately responsible for the risk management performance of the third party cash vendor services they purchase. Banks cannot simply offload risks to vendors when they outsource traditional banking services. … Continue reading
The Office of the Comptroller of the Currency (OCC) is focused on the responsibility of financial institutions—national banks and Federal savings associations—to be responsible for the risk management of business operations whether they are performed internally or through third party vendors.
CIT companies are clearly included in this mandate.
The OCC recognizes that the growing interconnectedness of banks with third party cash management service providers has created new sources of risk due to gaps or inconsistencies of controls that can occur where distinct businesses interface. In everyday terms, this means there can be situations where “no one is in charge.”
Since the OCC is responsible for the security of the overall financial system, it is moving to make banks accountable for the gaps and inconsistencies between them and third party vendors that may pose risk to the system.
This creates specific kinds of difficulties for banks because they can be held accountable for the actions of organizations they do not own. Banks and their third party vendors, including CIT businesses, have different regulatory, standard practice, and incentive profiles, as well as different cultures and assumptions. It will take especially thorough due diligence to write contracts that lay out the important responsibilities and performance expectations for the different parties to get all the entities on the same page.
In these circumstances, monitoring performance takes on greater importance. There is a substantial possibility that unanticipated gaps or inconsistencies will emerge despite careful risk management planning. Banks have a strong incentive to measure performance and find irregularities as quickly as possible. … Continue reading