PREVENTIVE VIGILANCE IN BANKING
This post from JAIIB’s Study Material for the 2022 Exams covers Preventive Vigilance in detail to help you score well.
How have you been? Hopefully, ready to crack the exams!
If you find your confidence lacking, then you can try practicing mock tests of JAIIB to level up. You can start solving by registering on our app or website here:
- Android App: LS PRO & Website: iibf.info or
- Android App: IIBF LEARNING CENTER
- iOS App: My Institute
- Website: Learning Center (Code: gegkt)
Now to our topic: VIGILANCE FUNCTION IN BANKS
The dictionary meaning of vigilance is watchfulness and caution to detect danger: being ever awake and alert.
While vigilance is important in all walks of life, exercising it becomes more critical in the financial sector, and especially for institutions such as banks that handle public money.
Banks, which act as intermediaries between depositors and borrowers, are required to adhere to the highest standards of safeguards to ensure that money received from depositors is not misused, is deployed only for legitimate profit-making, and remains available to depositors for payment on demand. To ensure this, banks are not only required to carry out due diligence on borrowers, but are also expected to put in place appropriate safeguards to ensure that transactions carried out by staff are in accordance with established guidelines.
Vigilance enforced through the vigilance function is necessary so that public money held by banks in a fiduciary capacity cannot be misused by delinquent elements in any way.
TYPES OF VIGILANCE IN BANKS:
There are mainly 3 types of vigilance in banks:
- Preventive vigilance sets up procedures and systems that limit acts of misconduct in various areas of departmental functioning.
- Detective vigilance covers the detection of corrupt practices, malpractices, negligence and misconduct, and better supervision of public contact points.
- Criminal vigilance involves investigation and collection of evidence, speedy departmental inquiry, and quick, deterrent action against the real culprit.
What is the goal of vigilance in banks? Why?
Preventive vigilance is aimed at reducing the occurrence of lapses (violations of a law, a standard or, generally speaking, a governance requirement); detective vigilance is focused on identifying and verifying that a lapse has occurred; while criminal vigilance is aimed at preventing further lapses through deterrent action.
Preventive vigilance plays a central role in the vigilance organized at the Reserve Bank of India (RBI). The overall responsibility for vigilance work in RBI rests with the Central Vigilance Cell, which exercises its jurisdiction over all the employees of the bank and coordinates the activities of various vigilance units. The cell maintains liaison with the Central Vigilance Commission (CVC) as well as the Central Bureau of Investigation (CBI). The vigilance guidelines issued by the CVC are aimed at:
- greater transparency,
- promoting a culture of honesty and integrity in public life, and
- improving overall vigilance management in organizations under its purview.
RBI has taken several precautionary measures to maintain high standards of integrity. Preventive vigilance means taking various measures to improve systems and procedures so as to eliminate or reduce corruption. Organizations supervise their employees and customers to avoid any untoward event, incident or accident.
The Objective of Preventive Vigilance:
- Exercising vigilance and diligence by all employees to avoid any untoward incident that may have an adverse financial or reputational impact on the organization.
- Ensuring strict adherence by all employees to integrity and to the policies, systems and procedures established by the bank, so as to protect the interests of the bank.
- Preventive vigilance sets up procedures and systems to limit illegal activity.
- Reduce misconduct in various areas of functioning of any organization.
PREVENTIVE VIGILANCE IN ELECTRONIC BANKING
Phishing attack: Phishing is a type of social engineering attack that is often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, posing as a trusted entity, tricks a victim into opening an instant message, email, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, a system freeze as part of a ransomware attack, or the disclosure of sensitive information.
An attack can have devastating consequences. For individuals, this includes unauthorized purchases, theft of funds, or identity theft. Such attacks can be carried out through fake emails where:
- The user is redirected to a fake page that looks exactly like the real password-renewal page of a university or bank, where both the new and the existing password are requested. An attacker monitoring the page captures the original password to gain access to secure areas on the university network; or
- The user is redirected to the current password reset page. However, during the redirect, a malicious script is activated in the background to hijack the user’s session cookie.
TECHNIQUES OF PHISHING:
An attacker sends thousands of fraudulent messages, going to great lengths to design them to mimic real emails from the impersonated organization so that they appear legitimate; even if only a small percentage of recipients fall for the scam, the attacker can obtain significant information and financial sums.
Additionally, attackers typically try to get users to take action by creating a sense of urgency.
Phishing is also used to gain access to corporate or government networks as part of a larger attack, such as an advanced persistent threat (APT) event, in which employees are compromised to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.
An organization that succumbs to such an attack usually suffers serious financial losses in addition to declining market share, reputation and consumer trust. Depending on the scale, a phishing attempt can escalate into a security incident that will be difficult for the business to recover from.
Spear phishing targets a specific person or business, as opposed to random application users. It is a more targeted version of phishing that requires special knowledge about the organization, including its power structure. An attack can proceed as follows:
- The perpetrator examines the names of employees in the organization’s marketing department and gains access to the latest project invoices.
- An attacker impersonating the Marketing Director sends an email to the department’s Project Manager (PM) with the subject line Updated Campaign Invoice for Q3. The text, style, and included logo duplicate the organization’s standard email template.
- The link in the email redirects to a password-protected internal document that is actually a fake version of the stolen invoice.
- The PM is asked to log in to view the document. The attacker steals the credentials and gains full access to sensitive areas within the network.
By providing the attacker with valid credentials, spear phishing is an effective method for executing the first stage of an Advanced Persistent Threat.
Protection against Phishing:
Protecting against phishing attacks requires action by both users and businesses. Vigilance is the key for users. A fake message often contains subtle errors that reveal its true nature. These can include:
- spelling mistakes or
- domain name changes
Users should also stop and think about why they are receiving such an email in the first place.
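As an added example (not part of the original notes), the checks below turn those tells into code that a user or a mail gateway could run over a suspicious message: a trusted-domain allow-list, look-alike character substitutions in the domain name, near-miss spellings, a trusted name buried as a subdomain of an unrelated domain, link text that disagrees with the real target, and urgency wording. The allow-list, the phrase list and the sample email are constructed for illustration, as is the crude "last two labels" rule for the registrable domain.

```python
# Added example (not from the original post): indicator checks a mail gateway or
# a user could apply to a suspicious email. The allow-list, phrases and sample
# message below are constructed for illustration.
from urllib.parse import urlparse

# Domains the organization legitimately sends from and links to (constructed).
TRUSTED_DOMAINS = {"examplebank.com"}

# Character substitutions that make a spoofed domain look like the real one.
HOMOGLYPHS = (("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w"))

# Wording used to create a sense of urgency (constructed, illustrative list).
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended", "verify now", "urgent")


def normalize_host(host):
    """Undo common look-alike substitutions so 'examp1ebank' compares as 'examplebank'."""
    host = host.lower()
    for fake, real in HOMOGLYPHS:
        host = host.replace(fake, real)
    return host


def registrable_domain(host):
    """Crude 'last two labels' rule; assumption: production code would use the Public Suffix List."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host, kind="link"):
    """Return indicator strings for one host; an empty list means it is a trusted domain."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return []
    findings = []
    for trusted in TRUSTED_DOMAINS:
        if normalize_host(reg) == trusted:
            findings.append(f"{kind}: homoglyph lookalike of {trusted}: {host}")
        elif edit_distance(reg, trusted) <= 2:
            findings.append(f"{kind}: near-miss spelling of {trusted}: {host}")
        elif trusted in host:
            findings.append(f"{kind}: {trusted} used as a subdomain of unrelated domain {reg}")
    if not findings:
        findings.append(f"{kind}: untrusted domain {reg}")
    return findings


def check_email(sender_domain, body, links):
    """links is a list of (display_text, href) pairs. Returns all indicators found."""
    findings = classify_host(sender_domain, kind="sender")
    for display, href in links:
        host = (urlparse(href).hostname or "").lower()
        findings.extend(classify_host(host))
        # Link text that looks like a URL but points at a different host.
        shown = urlparse(display).hostname if "://" in display else None
        if shown and shown.lower() != host:
            findings.append(f"link text shows {shown} but points to {host}")
    lowered = body.lower()
    findings.extend(f"urgency phrase: '{p}'" for p in URGENCY_PHRASES if p in lowered)
    return findings


# Constructed sample message mixing one legitimate link with several indicators.
SAMPLE_EMAIL = {
    "sender_domain": "examp1ebank.com",
    "body": "Your account will be suspended. Verify now within 24 hours.",
    "links": [
        ("https://examplebank.com/login", "https://examplebank.com.secure-login.net/reset"),
        ("View invoice", "https://mail.examplebank.com/docs/42"),
    ],
}

if __name__ == "__main__":
    for finding in check_email(**SAMPLE_EMAIL):
        print(finding)
```

Running the block on the sample prints six indicators: the sender domain with a digit 1 standing in for the letter l, the trusted name used as a subdomain of an unrelated domain, link text that does not match the real target, and three urgency phrases; the legitimate mail.examplebank.com link produces none. The homoglyph table and the two-label domain rule are deliberately simple, so treat the output as a prompt to stop and think, not as a verdict.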
There are a number of steps that can be taken to mitigate phishing and spear phishing attacks:
- Two-factor authentication (2FA) is the most effective method to combat phishing attacks because it adds another layer of authentication when logging into sensitive applications. 2FA relies on users having two things: something they know, such as a username and password, and something they have, such as their smartphone. Even if employees are compromised, 2FA prevents their compromised credentials from being used, as these alone are not sufficient to gain entry.
- Educating the staff can also help reduce the threat of phishing attacks by enforcing safe practices such as not clicking on external email links.
- Organizations should also enforce strong password management policies, i.e. employees should change their passwords frequently and should not be allowed to use the same password for multiple applications.
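As an added example (not part of the original notes), the snippet below shows the "something you know plus something you have" rule in code: a login succeeds only when the salted password hash matches and a fresh one-time code from an authenticator app is presented, so a password captured by phishing is not enough on its own. The one-time codes follow the published HOTP (RFC 4226) and TOTP (RFC 6238) algorithms; the in-memory user store, the user name and the demo secret (the RFC 4226 test-vector key) are constructed for illustration.

```python
# Added example (not from the original post): a minimal login check that needs
# both a password (something you know) and a TOTP code from an authenticator
# app (something you have). HOTP/TOTP follow RFC 4226 / RFC 6238; the user
# store and user names are constructed for illustration.
import base64
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ROUNDS = 200_000
USERS = {}  # username -> record; an in-memory stand-in for a real user database


def hotp(secret_b32, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp_counter(at=None, step=30):
    """Time-step counter used by TOTP (RFC 6238)."""
    at = time.time() if at is None else at
    return int(at // step)


def register(username, password, totp_secret_b32):
    """Store a salted password hash and the shared TOTP secret for a user."""
    salt = secrets.token_bytes(16)
    USERS[username] = {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret_b32,
        "last_counter": -1,  # highest counter already accepted, to reject replayed codes
    }


def login(username, password, code, at=None, step=30):
    """True only when the password AND a fresh, unused TOTP code are both correct."""
    rec = USERS.get(username)
    if rec is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    if not hmac.compare_digest(candidate, rec["pw_hash"]):
        return False  # a stolen password alone never reaches the second factor
    counter = totp_counter(at, step)
    # Accept the current window and the previous one to tolerate small clock skew.
    for c in (counter, counter - 1):
        if c > rec["last_counter"] and hmac.compare_digest(hotp(rec["totp_secret"], c), code):
            rec["last_counter"] = c  # a code, once used, cannot be replayed
            return True
    return False


# RFC 4226 test-vector secret (ASCII "12345678901234567890", base32-encoded).
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    register("pm", "correct horse battery", DEMO_SECRET)
    print(login("pm", "correct horse battery", "000000", at=59))  # password alone is not enough
    print(login("pm", "correct horse battery", hotp(DEMO_SECRET, 1), at=59))  # both factors present
    print(login("pm", "correct horse battery", hotp(DEMO_SECRET, 1), at=59))  # same code replayed
```

Two details matter for the phishing case the notes describe: the password check uses a slow salted hash and a constant-time comparison, and every accepted code advances last_counter, so a code that a victim types into a fake page cannot be reused by the attacker after the victim's own login has consumed it.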
So, if you liked these notes on JAIIB PPB, tell us in the comments & to read more free notes & free mock tests for JAIIB 2022, head to our website: LearningSessions.in