K. Financial Risk

This domain covers the financial controls you have implemented to prevent, identify, and respond to evidence of financial risk.

01) Is your organisation a legally registered entity?

Answer yes if your organisation is a legally registered entity and upload proof of registration (as a PDF file, this is typically a certificate of incorporation) as evidence. Please note the country or jurisdiction in which your company is registered in the notes.

Procurement Risk
Registered Entity

02) Does your organisation have enough working capital to remain viable for the next 12 months?

Answer yes if your organisation has enough working capital to remain viable for the next 12 months.

Procurement Risk
Financial Stability

03) Does your organisation have 3 years (or more) of published annual accounts?

Answer yes if your organisation has 3 years (or more) of published annual accounts. Please upload the last 3 years of accounts as evidence. If your organisation has less than 3 years of accounts, please upload any accounts that have been published (as PDF files).

Procurement Risk
Annual Accounts

04) Does your organisation have a documented set of policies and procedures for managing compliance with all applicable anti-money laundering (AML) laws and regulations, including anti-terrorism financing laws and regulations, in the jurisdictions in which you operate?

Answer yes if your organisation has an established and documented framework for maintaining anti-money laundering compliance with all applicable laws and regulations. Please upload (as a PDF file) a document outlining the framework as evidence. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
AML
Anti-money laundering

05) Does your organisation have a documented set of policies and procedures for managing compliance with all applicable anti-bribery and corruption (AB&C) legislation or regulations in the jurisdictions in which you operate?

Answer yes if your organisation has a documented set of policies and procedures for managing compliance with all anti-bribery and corruption (AB&C) legislation or regulation in the jurisdictions in which you operate. The policies and procedures should, as a minimum, cover your organisation's top-level commitment to preventing bribery, your organisation's policy and related procedure for receiving or giving gifts, entertainment, and hospitality, your organisation's policy on charitable donations and sponsorships, and your organisation's policy on third-party relationships. Please upload the relevant files (as PDF files) as evidence. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
AB&C
Anti-bribery and Corruption

06) Does your organisation have a policy to manage conflicts of interest relevant to anti-bribery and corruption?

Answer yes if your organisation has a policy to manage conflicts of interest. The policy should provide a framework and instructions that outline when and how an employee should report any conflicts of interest. Please upload the policy (as a PDF file) as evidence. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
AB&C
Anti-bribery and Corruption

07) Does your organisation provide employees with regular anti-bribery and corruption compliance training, including at onboarding?

Answer yes if your organisation provides AB&C compliance training at regular intervals. Please describe the nature and frequency of the training within the notes. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
AB&C
Anti-bribery and Corruption
Training

08) Does your organisation conduct assurance against its third-party suppliers, agents, and sub-contractors to ensure that they have the required level of anti-bribery policies and procedures in place?

Answer yes if your organisation conducts supplier assurance to ensure your suppliers have the correct anti-bribery policies and procedures in place. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
AB&C
Anti-bribery and Corruption
Supplier Assurance

09) Does your organisation have a documented set of policies and procedures to ensure compliance with financial and trade sanctions?

Answer yes if your organisation has an established and documented set of policies and procedures for monitoring and maintaining compliance with financial and trade sanctions. Please upload your policy and process documents (as PDF files) as evidence. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
Sanctions

10) Does your organisation have a compliance officer or equivalent role dedicated to financial crime, including economic and trade sanction compliance?

Answer yes if your organisation has a compliance officer dedicated to maintaining your organisation's compliance with all applicable financial crime regulations, including economic and trade sanctions.

Financial Risk
Compliance Officer

11) Does your organisation conduct ongoing due diligence to ensure your company is not dealing with a sanctioned company or individual?

Answer yes if your organisation conducts ongoing checks to ensure compliance with all applicable economic and trade sanctions. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
Sanctions
Due Diligence

12) Does your organisation have pre-transaction screening processes that make use of all applicable economic and trade sanctions lists?

Answer yes if your organisation conducts pre-transaction screening that makes use of all applicable economic and trade sanctions lists. Please name the sanctions lists used in the notes. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
Pre-transaction Screening

13) Does your organisation provide employees with regular sanctions training, including at onboarding?

Answer yes if your organisation provides employees with regular sanctions training. Please describe the nature and frequency of the training within the notes. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
Sanctions Training

14) Does your organisation have an established, consistent, and documented framework in place covering the detection, prevention, response to, and investigation of suspicious or fraudulent activity?

Answer yes if your organisation has an established and documented framework for detecting, preventing, responding to, and investigating suspicious or fraudulent activity. Please upload (as a PDF file) a document outlining the framework as evidence. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
Fraud Framework

15) Does your organisation have a documented fraud response plan?

Answer yes if your organisation has a documented fraud response plan. The plan should cover your organisation's internal processes and reporting lines for the reporting and investigation of any instances of fraud. Please upload the plan (as a PDF file) as evidence. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
Fraud Response Plan

16) Is financial crime considered at senior management level within your organisation?

Answer yes if your organisation has a member of senior management who is responsible for financial crime, or a process for ensuring that financial crime risk and its treatment actions are considered by the senior management team.

Financial Risk
Fraud Officer
Compliance Officer

17) Does your organisation provide employees with regular fraud prevention training and/or awareness sessions, including at onboarding?

Answer yes if your organisation provides employees with regular fraud prevention training or awareness programmes. Please describe the nature and frequency of the training within the notes. Please check our knowledgebase to review this control's applicability to your organisation.

Financial Risk
Fraud Training

18) Does your organisation have public liability insurance?

Answer yes if your organisation holds a valid public liability insurance policy. Please provide the certificate of insurance (as a PDF file) as evidence.

Public Liability Insurance

19) What is the limit of your organisation's public liability insurance policy (in GBP)?

Please state the limit of the cover in GBP (if in another currency, please convert to GBP).

Public Liability Insurance Limit

20) Does your organisation have professional indemnity insurance?

Answer yes if your organisation holds a valid professional indemnity insurance policy. Please provide the certificate of insurance (as a PDF file) as evidence.

Professional Indemnity Insurance

21) What is the limit of your organisation's professional indemnity insurance policy (in GBP)?

Please state the limit of the cover in GBP (if in another currency, please convert to GBP).

Professional Indemnity Insurance Limit

22) Does your organisation have employers' liability insurance?

Answer yes if your organisation holds a valid employers' liability insurance policy. Please provide the certificate of insurance (as a PDF file) as evidence.

Employers' Liability Insurance

23) What is the limit of your organisation's employers' liability insurance policy (in GBP)?

Please state the limit of the cover in GBP (if in another currency, please convert to GBP).

Employers' Liability Insurance Limit

24) Does your organisation have cyber insurance?

Answer yes if your organisation holds a valid cyber insurance policy. Please provide the certificate of insurance (as a PDF file) as evidence.

Cyber Insurance

25) What is the limit of your organisation's cyber insurance policy (in GBP)?

Please state the limit of the cover in GBP (if in another currency, please convert to GBP).

Cyber Insurance Limit