EFTA01356664

Toxic combination : A Toxic Combination is a conflict of system access permissions which could allow a user to perform unauthorized activities that should otherwise be prohibited, to avoid a maker/checker situation within a transactional input & approval workflow process. WM set up - The WM profiles are split into groups. 1 Input(Front Office), 2 approvals groups(TAG) and 3 processing (Banking & COB team). A systemic check will only allow a user to have 1 of the 3 profiles. The approval group can neither create nor amend payment messages. Only approval is possible. If a payment change is needed it can only be done by someone from the inputter group. It then needs to be sent to the approver group. Team Front Office DB Force- Case Creator Yes DB Force- Approver Metavante- Metavante- Accounting Static set up entries in client account DBDI- Creator TAG No Yes No No No Banking Profile 1 No No No No No Yes No Yes Yes Yes No No Banking Profile 2 No Client On Boarding No GTB-FMS Payments System DBDI- (Operations does Approver not have access to GTB Payment System) No No hlo Yes No To further elaborate the toxic combination with DBOI as these processes are directly linked: For internal use only CONFIDENTIAL - PURSUANT TO FED. R. GRIM. P. 6(e) DB-SDNY-0042637 CONFIDENTIAL SDNY_GM_00 188821 EFTA01356664