Firm Name: Hirett Ltd
Date: 20 June 2020
Assessment of the operational and security risks related to the payment services the firm provides
List of business functions, processes and information assets supporting payment services provided and classified by their criticality
We take seriously the threat of disaster, including loss of access to premises or systems or other circumstances that could impact our ability to service clients. Our assessment and disaster recovery policy for each prime scenario is documented in this report and is designed to mitigate key risks to continuity of client service. Our relatively small size makes us able to adapt very rapidly to changing situations to ensure continuity of customer service.
Our core activities include:
- Money remitter
- Foreign exchange provider
- Bureau de change
Our clients are:
- Private clients
- SME companies
Our information and other assets supporting payment services provided are:
- Key personnel
- Computers, servers, storage and other devices
- IT systems and software
- Customers’ and other types of data
- Premises and furniture
We identify the following key operational and security risks related to the payment services our firm provides:
- Loss of access to server/data
- Loss of access to premises
- Loss of key personnel
- Attempts to use our services for money laundering and terrorist financing
- IT systems
Risk assessment of functions, processes and assets against all known threats and vulnerabilities
All IT equipment is suitably protected with the latest antivirus software which is updated on a regular basis whenever an update becomes available. IT equipment is also physically protected with the use of secure locks.
Customer authentication is carried by physically and meticulously confirming client ID’s with their identity particulars. Confirmation of address and post code, date of birth, transactional history and contact details are all used to further verify clients. Any suspicious transactions or individuals are duly reported using the in-built reporting utilities available to employees which is designed around FCA reporting guidelines.
In terms of security risks, the measures taken as detailed above, are adequate in preventing, reporting and predicting any security breaches or risk of fraud or money-laundering.