Financial Services Banking And Insurance Notes Pdf

  • and pdf
  • Sunday, May 23, 2021 4:17:50 PM
  • 5 comment
financial services banking and insurance notes pdf

File Name: financial services banking and insurance notes .zip
Size: 27224Kb
Published: 23.05.2021

Financial services are the economic services provided by the finance industry, which encompasses a broad range of businesses that manage money, including credit unions , banks , credit-card companies, insurance companies, accountancy companies, consumer-finance companies, stock brokerages , investment funds , individual managers, and some government-sponsored enterprises. The term "financial services" became more prevalent in the United States partly as a result of the Gramm-Leach-Bliley Act of the late s, which enabled different types of companies operating in the U. Companies usually have two distinct approaches to this new type of business. One approach would be a bank which simply buys an insurance company or an investment bank , keeps the original brands of the acquired firm, and adds the acquisition to its holding company simply to diversify its earnings. Outside the U.

Enduring Cyber Threats and Emerging Challenges to the Financial Sector

At the time of writing, several financial services firms are working to restore their networks following disruptive cyber attacks. Banks in Chile and Seychelles, as well as financial technology companies like Silverlake Axis, a supplier of core banking systems throughout the Asia-Pacific, are all reportedly victims of separate ransom and extortion attempts. Regulators have been taking increasing notice of these cyber threats, and operational resilience has shot to the top of agendas around the world.

A few years ago, targeted attacks on financial services sector firms were still relatively rare. However, cases have increased in recent years as capabilities and specialisms such as network intrusion have advanced. This paper provides an overview of the cyber threat landscape with respect to the financial sector see figure 1. Each section also includes a focus piece describing a particular technology problem. The summary of observations and conclusions includes a review of advances in cyber resilience testing schemes.

Only eighteen months have passed since the last Carnegie FinCyber paper on the cyber threat landscape. But a lot has happened since, most notably the largest-scale public health emergency in a century. Cyber threat actors have not stood still in this period. Many groups have been capitalizing on the turbulence in order to up their game and exploit their victims.

Stepping back from this, however, the predominant motivations have not changed see table 1. The nature of these enduring threats is such that they change little over time.

While their tools and techniques evolve, it is likely this rough segmentation will serve as a useful model for years to come. One vector all of these groups use is the targeting of outdated and legacy technology within enterprise networks see box 1.

Financial services firms, from central banks to retail banks and insurers, have been grappling with legacy infrastructure for many years. While this is true of many, if not all, other sectors, the problem is especially acute in finance due to the widespread reliance on core systems that are many decades old and that have often been joined together as a result of various mergers and acquisitions.

Many have argued that overhaul of legacy systems should be coupled with taking advantage of cloud technology. For example, legacy login credentials quickly result in current breaches if systems are inadvertently exposed to the internet.

Organizations need to sort out such skeletons in the closet before migrating to the cloud. Among the main principles driving RTGS2 are higher levels of resilience and blending current needs with future-proofing—for example, retaining the financial messaging service SWIFT for connectivity and messaging services but being message-network agnostic in design. While the motivations of the various threat groups have not changed much, the techniques used to achieve their goals continue to evolve.

This section highlights two areas that are key concerns to financial services sector firms today: targeted intrusions and ransom and extortion attacks. Some of the most significant threats to the financial system come from state or organized criminal groups seeking to steal funds.

An overarching trend among threat actors in recent years has been their steady progression into deeper levels of financial infrastructure. Figure 2 highlights different threat groups that specifically target banks and their capability and intent to target different levels of financial infrastructure.

Several of these groups are expert at using sophisticated penetration testing tools, such as Cobalt Strike and PowerShell Empire. They contain features that make detection on enterprise networks particularly difficult. Such features include:. In another recent shift in tactics, criminal groups now steal data from company networks prior to encryption and threaten to publicly release the data on their ransomware blogs if the victim does not pay up. The most commonly targeted sector for this type of ransomware attack is industrial and manufacturing organizations.

However, as discussed in the opening section of this paper, financial services and the financial services supply chain have also been targeted recently. This could do far more damage than a traditional encryption attack, where the costs if no ransom is paid are purely for remediation and IT cleanup. A different twist on a ransom attack is where DDoS techniques are used to create the attack against an organization, rather than ransomware. In recent months there has been an increase in this so-called DDoS for extortion attack mode see figure 4.

The following case study demonstrates the damage a successful ransomware attack can have on a financial services organization. On December 31, , the London-based foreign currency exchange Travelex was hit by a ransomware attack that crippled its network and allegedly stole five gigabytes of documents.

This attack had a devastating effect on Travelex, reducing their operations to pen and paper transactions and impacting a wide range of high street banks that relied upon its currency services. The threat actors responsible for this attack used a prolific ransomware variant called REvil, one of the pioneers in this new wave of data theft ransomware attacks.

The threat group, also called REvil, has since gone on to undertake similar attacks against a wide range of victims. The attackers work on an affiliate model whereby attackers can purchase a subscription to use the malware to perform their own attacks but publish stolen data to a central blog see figure 6. REvil affiliates predominantly favor attacks on the financial and insurance sector.

Although most ransom and extortion attacks target enterprise networks, regardless of where these services are hosted, cloud services have been specifically exploited by criminal groups. Undoubtedly the major technology trend for the finance industry in the last decade is the shift to cloud services.

As more and more companies move to a cloud-first strategy or make some level of transition to the cloud and as the range of services that are available via cloud deployment continues to increase, this trend is likely to remain at the top of C-suite lists for many years to come. Outside of the technical challenges of making this shift, there are a number of security-related concerns that consistently come into play and will feature on many internal risk registers.

Each of the following concerns brings a level of complexity and a requirement for in-house expertise:. The question of configuration remains the main security issue for cloud adoption. Examples of data breaches arising from inappropriately configured cloud storage have been seen in recent years.

Despite improvements by cloud service providers trying to make it harder for these errors to occur, they are still happening. The major cloud platforms each have very high standards of security and extensive resources at their disposal. To date, their security records have been very strong. The question of whether and how a data breach at a cloud provider might occur is an interesting one, but a common viewpoint held across many industry sectors is that data and services are safer in the hands of a major cloud provider than they would be on premises.

It is inevitable that as more and more assets are in the cloud, the threat landscape will shift to focus on technology supply chains and cloud providers—as has already begun to happen.

It is highly likely that critical vulnerabilities that allow for hypervisor or virtual machine breakout meaning that a threat actor on one public cloud instance can compromise others will arise in the future. The arms race between these being discovered by security teams and researchers versus threat actors will be similar to that which plays out in major operating systems and software products. The evolution of the threat landscape features greater collaboration among threat actors.

In , several infections from the North Korea—based Lazarus Group coincided on networks within the same time frames as a Russian-speaking criminal group known as TA A few theories on the nature of the relationship between TA and Lazarus were considered, but the most likely one was a transactional relationship where TA sold victim network access to Lazarus.

While instances of TA and Lazarus overlap may have subsided, overlaps between Lazarus and other criminal operations have come to light. Other incidents of transactional relationships or collaboration appeared again in Infections with the criminal malware Trickbot led to the deployment of Lazarus malware, which might indicate a similar scenario of Lazarus buying access from another party.

Others have reported that a Trickbot-related framework called Anchor was also associated with Lazarus malware. TA, meanwhile, has been busy providing access to other groups. For example, Silence, a Russian-speaking criminal group, also appears to have a relationship with TA Cyber criminals have created an ecosystem that is strengthened by collaboration and transactions to buy or sell products and services. They have capitalized on the intersection of cyber crime and fraud in their operation of modern criminal enterprises; an overview of how the flow between a cyber attack and cashing out and money laundering works can be found in a paper recently published by SWIFT and BAE Systems.

Hackers-for-hire is another growing trend. There is a wide scope of these groups in capability, ranging from running information operations to selling complete malware frameworks. Over the course of , significant media attention has emerged around an alleged hackers-for-hire company operating out of New Delhi.

The industry seems to have been targeted around issues of market manipulation, legal cases, and corporate espionage. For financial services, where transactions happen in a fraction of a second, disinformation campaigns are a significant cyber threat and often play a role in large-scale attempts at market manipulation.

The letter was sent to clients and media publications from an authentic-looking email address and was hosted on a website that closely resembled the official BlackRock site. The letter made numerous false claims and was picked up and published widely by various media outlets. Social media and the use of troll farms and bots now means that disinformation campaigns can be incredibly complex, with intentionally misleading messages released and amplified so that they seep into mainstream consciousness and blur the line between fact and fiction.

Financial markets are particularly susceptible to disinformation-driven manipulation because often, the markets are driven by perceptions relating to fears, and the resulting speculation presents opportunities for threat actors to benefit. For example, in May , Metro Bank in the United Kingdom saw its share price drop at least 9 percent after false rumors circulated on WhatsApp and Twitter that the bank was close to collapse and that customers should empty their accounts as soon as possible see figure 8.

With the world in the midst of the coronavirus pandemic, disinformation and misinformation seem to be at an all-time high, with the fear and uncertainty of the modern age feeding into the spread of rumors and fake news, often to the benefit of unseen threat actors.

Concerns around the use of AI-driven deepfake technology being used to commit fraud or gain access to confidential information should apply to all interactions that rely on voice-based authentication, including automated voice recognition authentication as well as more traditional human-based phone calls. Cases of fraudsters seeking to use deepfake technology have been seen, 31 and with the growing development of deepfake technology and the expected ease with which such technology will become available to criminal actors, there is potential for this increasingly to be used in fraud or disruptive cyber attacks.

While the cloud technology paradigm is a pressing issue at present, another technological leap looms large on the horizon.

Quantum computing can provide exponential improvements in processing power by taking advantage of quantum mechanical properties, and while still very much in the research and development stage, quantum computers are likely to become more readily available in decades to come.

For the finance industry, this has a number of implications. First is the question of what quantum computing can offer to improve finance applications: trading calculations and modeling and fraud detection, to start. While quantum computers are not readily available to test, proof-of-concepts have been conducted in this area using quantum-inspired computing.

On the flip side of this is the upheaval that a quantum computing—enabled future will bring to current cryptography. The current expectation is that RSA will be cracked by quantum computing by , with estimates for realization of so-called quantum cryptanalysis being revised down, rather than up.

The timelines relevant to assessing the risk of quantum cryptanalysis involve a number of factors. Predictions from the U. National Institute of Standards and Technology for standardization of algorithms that can provide post—quantum cryptography give as a potential date, but complete implementation of these algorithms and integration with current technology could take twenty years.

A hypothetical financial product or system designed today may be deployed in and could be expected to have a lifetime of twenty years. While these figures are very rough and many of these factors are case-dependent and could change in future, both demonstrate the potential for a period of time where quantum cryptanalysis is available and in which quantum-proof algorithms are not yet widely implemented and integrated with existing technology.

The implications of this are significant for all domains and for all services on the internet. The impact on the financial system will vary on a case-by-case basis, but in general, the emergence of quantum cryptanalysis will require careful planning in mitigation.

For both of the aspects covered above, many organizations are appointing champions to keep on top of developments and to be able to plan for and react to changes in the availability of quantum computing appropriately. In response to the threats outlined in this report, as well as the broader threat landscape, regulators have been increasingly concerned about cybersecurity risks to the financial services sector. Operational resilience, encompassing cyber resilience, has been toward the top of the agenda for financial services regulators including the Bank of England and the Basel Committee.

If organizations do not seek to minimize the occurrence of service disruptions in advance—or to at least detect, respond, and recover quickly when they do occur—there is the potential for significant harm to financial market stability, organization reputations, and consumer finances.

Investment Banking and Financial Services Notes PDF Download

Money and Banking Lecture Notes. Save my name, email, and website in this browser for the next time I comment. The assets column shows what the bank has done with the money. We provide complete financial accounting pdf. Banking and Insurance study material includes banking and insurance notes, banking and insurance book, courses, case study, syllabus, question paper, MCQ, questions and answers and available in banking and insurance pdf form.

Financial Services in India

The Indian financial services industry comprises several key subsegments. These include, but are not limited to- mutual funds, pension funds, insurance companies, stock-brokers, wealth managers, financial advisory companies, and commercial banks- ranging from small domestic players to large multinational companies. The services are provided to a diverse client base- including individuals, private businesses and public organizations. The financial services offered in this segment include:.

We provide complete banking and insurance notes. Banking and Insurance study material includes banking and insurance notes , banking and insurance book , courses, case study, syllabus, question paper, MCQ, questions and answers and available in banking and insurance pdf form. Banking and Insurance Notes can be downloaded in banking and insurance pdf from the below article. A detailed banking and insurance syllabus as prescribed by various Universities and colleges in India are as under. You can download the syllabus in banking and insurance pdf form.

At the time of writing, several financial services firms are working to restore their networks following disruptive cyber attacks.

Read more articles

 - Он обошел систему Сквозь строй. - Да… и… - слова застревали у нее в горле. Он убил Дэвида. Бринкерхофф положил руку ей на плечо. - Мы почти приехали, мисс Флетчер. Держитесь.

Скажи. Сьюзан словно отключилась от Хейла и всего окружающего ее хаоса. Энсей Танкадо - это Северная Дакота… Сьюзан попыталась расставить все фрагменты имеющейся у нее информации по своим местам. Если Танкадо - Северная Дакота, выходит, он посылал электронную почту самому себе… а это значит, что никакой Северной Дакоты не существует. Партнер Танкадо - призрак.

Танкадо прислал нам письмо. ГЛАВА 122 - Шесть минут! - крикнул техник. Сьюзан отдала приказ: - Перепечатайте сверху. Нужно читать по вертикали, а не по горизонтали. Пальцы Соши стремительно забегали по клавишам.

В течение нескольких секунд ни он, ни она не произнесли ни слова.

 Танкадо успел отдать его за мгновение до смерти. Все были в растерянности. - Ключ… - Ее передернуло.

Banking Awareness Notes PDF

5 Comments

  1. Arianne D. 28.05.2021 at 22:02

    Insurance Policy. Life vs General Insurance. Summary. Practice Janalakshmi Financial Services Private Limited, Bengaluru. ➢ RGVN (North.

  2. Gladis S. 31.05.2021 at 00:06

    Lorraine pascale fast fresh and easy pdf analyzing the curriculum posner pdf

  3. Leonard G. 01.06.2021 at 08:09

    Reserve Bank of India Act prohibits drawing of this type of promissory notes i.e. A Bank is a financial institution / financial intermediary that accepts deposits and Nowadays, banks offer many more services apart from their basic business.

  4. Mandy G. 01.06.2021 at 10:10

    Financial service is one of the component of the financial system, Lets look at the meaning and its importance.

  5. Bernard V. 01.06.2021 at 13:55

    India has a diversified financial sector undergoing rapid expansion, both in terms of strong growth of existing financial services firms and new entities entering the market.

riveted and welded joints pdf

Gap between theory and practice and role of managerial economist pdf

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy. See our Privacy Policy and User Agreement for details.