#2004929 - 03/30/15 02:46 PM IT department won't give open access to BSA dept
Cher Offline
Member
Joined: Oct 2003
Posts: 98
Florida, USA
Our IT department has recently installed a new firewall and our BSA department no longer has open access to perform BSA due diligence searches. They have assigned us more open access than the rest of the institution, but we are constantly getting blocked and the IT manager won't open it up as he says it puts the rest of the network at risk. We do appreciate that, so I was wondering what other banks are doing to protect their network while still giving their BSA folks unlimited internet search access.

#2004933 - 03/30/15 02:58 PM Re: IT department won't give open access to BSA dept Cher
Elwood P. Dowd Offline
10K Club
Joined: Aug 2001
Posts: 21,939
Next to Harvey
If you need a tool, FinCEN 2014 - A007 has a section dealing with the availability of information. As this new restriction appears to be a step backward, it may draw some regulatory attention based on how critical it is to your research.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

#2004950 - 03/30/15 03:30 PM Re: IT department won't give open access to BSA dept Cher
AMLMGR Offline
Junior Member
Joined: Jan 2010
Posts: 35
Can the IT department put role-based access into place for the database? We have non-edit or business partner rights into any database we use for research that is not owned by our department.

#2004963 - 03/30/15 03:42 PM Re: IT department won't give open access to BSA dept Cher
Cher Offline
Member
Joined: Oct 2003
Posts: 98
Florida, USA
"We have non-edit or business partner rights into any database we use for research that is not owned by our department"

What does that mean?

#2004965 - 03/30/15 03:47 PM Re: IT department won't give open access to BSA dept Cher
rlcarey Offline
10K Club
Joined: Jul 2001
Posts: 79,234
Galveston, TX
They are limiting your access to what sites that you use for due diligence??

Last I checked, IT was a service department.

1. You are responsible for determining what you need to do your job.

2. They are responsible for determining how to safely provide you with that access.

3. Them saying "no" is not part of their job description.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#2004980 - 03/30/15 04:09 PM Re: IT department won't give open access to BSA dept Cher
Cher Offline
Member
Joined: Oct 2003
Posts: 98
Florida, USA
I think they're willing but unable to adequately accomplish point #2 on RLCAREY's response. Many times our searches will take us to sites with objectionable material etc. and that is just the nature of what we do. However, they don't know how to give us open access while at the same time insulate the rest of the network from something from one of those sites. I can't imagine this is something new as every bank I've spoken to has their BSA people with unlimited access.

#2004990 - 03/30/15 04:31 PM Re: IT department won't give open access to BSA dept Cher
jaenelle Offline
Member
Joined: Sep 2005
Posts: 50
Kansas
I'm really confused as to what kind of sites a BSA search would even require you to look at. Are these customers' websites?
_________________________
-- Kati (President)

#2004993 - 03/30/15 04:38 PM Re: IT department won't give open access to BSA dept Cher
bonette Offline
100 Club
Joined: Apr 2007
Posts: 117
georgia
Could they give you a laptop with internet access that is not tied to your network?

#2004994 - 03/30/15 04:42 PM Re: IT department won't give open access to BSA dept Cher
rlcarey Offline
10K Club
Joined: Jul 2001
Posts: 79,234
Galveston, TX
There are many ways to skin a cat, as "bonette" just pointed out. The fact that they are just saying no shows a lack of imagination.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#2005003 - 03/30/15 05:04 PM Re: IT department won't give open access to BSA dept bonette
Princess Romeo Offline

Power Poster
Joined: Jun 2001
Posts: 8,272
Where the heart is
Originally Posted By bonette
Could they give you a laptop with internet access that is not tied to your network?


A Chromebook connected to wi-fi is an inexpensive way to do that. You can open a g-mail account to email yourself PDF screen shots of what you find.
_________________________
CRCM,CAMS
Regulations are a poor substitute for ethics.
Just sayin'

#2005014 - 03/30/15 05:38 PM Re: IT department won't give open access to BSA dept Cher
Cher Offline
Member
Joined: Oct 2003
Posts: 98
Florida, USA
I suggested that but it gets a little cumbersome to have a different machine and also we would have to give everyone in the department 2 machines. I'm really reaching out in this forum to see what others are doing in their bank. Are your BSA people given full access? If so, how does the IT department ensure the safety of the network?

In answer to Jaenelle's comment - We review clients' websites during our due diligence and some of our clients are in certain industries that might be considered objectionable. That website would be blocked and we would have to stop and request access, wait for the site to be whitelisted and then we can proceed. It's very time consuming.

#2005044 - 03/30/15 07:28 PM Re: IT department won't give open access to BSA dept Cher
thisisme08 Offline
Junior Member
Joined: Oct 2012
Posts: 47
TBH this doesn't sound that different than what is considered normal when IT puts a web filtering software on.

Normally you end up with a breakdown like this;

*Exec--full access (even though they shouldn't because they are the most likely for phishing and other attacks)

*Officer/Compliance/BSA--essentially open access but sites such as shopping, YouTube and other questionable sites are blocked

*CSR--Only sites that they need to do their job (Sec. of State searches, check ordering etc.)

*Tellers--Nothing.

I'm assuming you are reviewing a customer's website in order to determine if they are offering any *extra* services they didn't tell you about but personally I find that step to be slightly above and beyond in performing it for all customers.

The one method no one else has mentioned is to simply use your own personal cell phone/tablet.
_________________________
...learning as I go.

#2005058 - 03/30/15 07:43 PM Re: IT department won't give open access to BSA dept Cher
LiveFromNYC Offline
100 Club
Joined: Nov 2004
Posts: 101
Had a similar issue at my bank. When they would not open entirely, I was forced to send a ticket to the IT Help Desk explaining why I needed access to a specific site and typically the site's URL would then be added to a Domain Safe List. After having done that many times, they decided to give me an off-network laptop to perform our searches.

Last edited by LiveFromNYC; 03/30/15 07:44 PM.
#2005062 - 03/30/15 07:50 PM Re: IT department won't give open access to BSA dept Cher
rlcarey Offline
10K Club
Joined: Jul 2001
Posts: 79,234
Galveston, TX
Originally Posted By Cher
I suggested that but it gets a little cumbersome to have a different machine and also we would have to give everyone in the department 2 machines.



Really - everyone? I think someone else might not be using their imagination. Maybe you need to reassess who uses the internet for BSA research and why.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#2005138 - 03/31/15 02:39 AM Re: IT department won't give open access to BSA dept Cher
JacF Offline

Power Poster
Joined: Nov 2001
Posts: 6,719
PA
Originally Posted By Cher
However, they don't know how to give us open access while at the same time insulate the rest of the network from something from one of those sites.


Perhaps you could suggest inviting the vendor in to show IT how to configure the web filter and give BSA their own access profile?

#2005247 - 03/31/15 04:07 PM Re: IT department won't give open access to BSA dept thisisme08
ItNeverEnds CRCM Offline
Platinum Poster
Joined: Oct 2006
Posts: 992
Looking for my sanity
Originally Posted By thisisme08
TBH this doesn't sound that different than what is considered normal when IT puts a web filtering software on.

Normally you end up with a breakdown like this;

*Exec--full access (even though they shouldn't because they are the most likely for phishing and other attacks)

*Officer/Compliance/BSA--essentially open access but sites such as shopping, YouTube and other questionable sites are blocked

*CSR--Only sites that they need to do their job (Sec. of State searches, check ordering etc.)

*Tellers--Nothing.

I'm assuming you are reviewing a customer's website in order to determine if they are offering any *extra* services they didn't tell you about but personally I find that step to be slightly above and beyond in performing it for all customers.

The one method no one else has mentioned is to simply use your own personal cell phone/tablet.


Groups like thisisme08 describes above are pretty common and what I've experienced. Hopefully your BSA Officer should be at the highest level, with virtually no restrictions; your BSA staff could be staggered with access (depending on how many you have and the different levels of staff).

I'm not a big fan of blocking sites "just because", or blocking Facebook or YouTube so staff won't waste time looking at it. Sites should be blocked based upon risk to the bank, and I can make an argument that all staff should/need to have at least some access to the internet, tellers included; they're not robots, they're people. You do need a strong Information Security training program for everyone. Like Randy said, there is more than one way to skin a cat and not just with Internet access restrictions, as you can get around many of these restrictions with emails, personal devices and such, so IT needs to think hard about the types of restrictions they put in place and the protections the bank has. A teller can just as easily email themselves from their personal email a virus/malware embedded document as they can click on a link.

The key is training, including heavy social engineering training. Cher - I think your IT department needs a little training themselves.

My 2 cents.
_________________________
"The reason I talk to myself is because I'm the only one whose answers I accept."
- George Carlin
