· 6 years ago · Nov 27, 2019, 10:46 PM
1Kumudu
2Hi Yudee
3
4Given the issues in Technology please can you take me through this tomorrow to understand why the MI is not detailed or doesn’t appear to be complete?
5
6I also want to know more on the Business Development MI please. Thanks.
7
8Kind Regards
9Raymond
10
11Sent from my iPhone
12
13Begin forwarded message:
14
15From: Yudee Uzowulu <yudee.uzowulu@ghanabank.co.uk>
16Date: 14 March 2019 at 13:55:28 GMT
17To: Abrar Ahmed <abrar.ahmed@ghanabank.co.uk>, Andrew Essinghigh <andrew.essinghigh@ghanabank.co.uk>, "Sam R. Boison" <Sam.Boison@ghanabank.co.uk>, Bisi Giwa <bisi.giwa@ghanabank.co.uk>, Kwame Sarpong <Kwame.Sarpong@ghanabank.co.uk>, Nikolaos Kouros <nikolaos.kouros@ghanabank.co.uk>, Rajeswari Ray <rajeswari.ray@ghanabank.co.uk>, Richard Agbenu <richard.agbenu@ghanabank.co.uk>, Simon Harrison <simon.harrison@ghanabank.co.uk>, Sebastian Mensah <sebastian.mensah@ghanabank.co.uk>, Dominic Coleman <dominic.coleman@ghanabank.co.uk>, Alex Cole <alex.cole@ghanabank.co.uk>, Anna Mills <Anna.Mills@ghanabank.co.uk>, Ginette Edusei <ginette.edusei@ghanabank.co.uk>, Jihan Turner <jihan.turner@ghanabank.co.uk>, Kweku Nunoo <kweku.nunoo@ghanabank.co.uk>, Festus Mensah <Festus.Mensah@ghanabank.co.uk>, Dave Mitchell <dave.mitchell@ghanabank.co.uk>, Lewis Davison <lewis.davison@ghanabank.co.uk>, Shaista Qureshi <shaista.qureshi@ghanabank.co.uk>, Orna-Edel Boland <orna-edel.boland@ghanabank.co.uk>, Adam Mullins <Adam.Mullins@ghanabank.co.uk>, Netis Kennedy <Netis.Kennedy@ghanabank.co.uk>, Andrae Lowe <andrae.lowe@ghanabank.co.uk>, EXCO <exco@ghanabank.co.uk>, Beatrice Nunoo <Beatrice.Nunoo@ghanabank.co.uk>
18Subject: March MI Reporting Pack and Dashboard
19
20Dear All
21Please find attached this month’s final MI pack and dashboard
22Many thanks,
23Yudee
24 ————
25Yudee
26
27Thanks for the update and the discussion this afternoon. We need to continue to enhance. I am particularly keen on expanding the MI in the areas we spoke about.
28
29Beatrice
30
31Please we need to discuss the monthly MI at EXCO tomorrow. Thanks.
32
33Kind Regards
34Raymond
35
36From: Yudee Uzowulu
Sent: 14 March 2019 13:55
To: Abrar Ahmed <abrar.ahmed@ghanabank.co.uk>; Andrew Essinghigh <andrew.essinghigh@ghanabank.co.uk>; Sam R. Boison <Sam.Boison@ghanabank.co.uk>; Bisi Giwa <bisi.giwa@ghanabank.co.uk>; Kwame Sarpong <Kwame.Sarpong@ghanabank.co.uk>; Nikolaos Kouros <nikolaos.kouros@ghanabank.co.uk>; Rajeswari Ray <rajeswari.ray@ghanabank.co.uk>; Richard Agbenu <richard.agbenu@ghanabank.co.uk>; Simon Harrison <simon.harrison@ghanabank.co.uk>; Sebastian Mensah <sebastian.mensah@ghanabank.co.uk>; Dominic Coleman <dominic.coleman@ghanabank.co.uk>; Alex Cole <alex.cole@ghanabank.co.uk>; Anna Mills <Anna.Mills@ghanabank.co.uk>; Ginette Edusei <ginette.edusei@ghanabank.co.uk>; Jihan Turner <jihan.turner@ghanabank.co.uk>; Kweku Nunoo <kweku.nunoo@ghanabank.co.uk>; Festus Mensah <Festus.Mensah@ghanabank.co.uk>; Dave Mitchell <dave.mitchell@ghanabank.co.uk>; Lewis Davison <lewis.davison@ghanabank.co.uk>; Shaista Qureshi <shaista.qureshi@ghanabank.co.uk>; Orna-Edel Boland <orna-edel.boland@ghanabank.co.uk>; Adam Mullins <Adam.Mullins@ghanabank.co.uk>; Netis Kennedy <Netis.Kennedy@ghanabank.co.uk>; Andrae Lowe <andrae.lowe@ghanabank.co.uk>; EXCO <exco@ghanabank.co.uk>; Beatrice Nunoo <Beatrice.Nunoo@ghanabank.co.uk>
Subject: March MI Reporting Pack and Dashboard
37
38Dear All
39Please find attached this month’s final MI pack and dashboard
40Many thanks,
41Yudee
42 ————
43Kumudu
44
45Fyi and attention. I spoke to you yesterday about liaising with Jack and moving a few things forward on Premises management.
46
47Please ensure you liaise with Jack and download as much as you can and lets move this forward. Get Jody – Ann involved where possible to assist you but we need a full time Premises Expert who will take charge of service tax management with all the Premises issues etc etc.
48
49Speak to myself and Dean this afternoon and keep us posted. Thanks.
50
51Kind Regards
52
53Raymond J.B. Sambou
54Deputy Chief Executive Officer & Chief Operating Officer
Tel: +44 207 653 0432
55Email: Raymond.Sambou@ghanabank.co.uk
56__________________________
Ghana International Bank plc
67 Cheapside, London
EC2V 6AZ
57
58From: Matilda Osei-Agyeman <Matilda.Osei-Agyeman@ghc-uk.org>
Sent: 29 March 2019 11:33
To: Dean Adansi <dean.adansi@ghanabank.co.uk>; Raymond Sambou <raymond.sambou@ghanabank.co.uk>
Subject: Fwd: Ghana High Commission Regina House
59
60
61Sent from my iPhone
62
63Begin forwarded message:
64From: Jack LeRoy <ptnrs@davisleroy.co.uk>
65Date: 29 March 2019 at 11:24:52 AM GMT
66To: 'Matilda Osei-Agyeman' <Matilda.Osei-Agyeman@ghc-uk.org>
67Subject: FW: Ghana High Commission Regina House
68Reply-To: <ptnrs@davisleroy.co.uk>
69Madam,
70
71For your attention.
72
73Regards,
74
75Jack LeRoy
76
77
78From: Support <Support@barrybros.com>
Sent: 28 March 2019 15:08
To: jack@davisleroy.co.uk
Cc: Support <Support@barrybros.com>
Subject: Ghana High Commission
79
80Good Afternoon,
81
82Ghana High Commission has had a number of activations over the last 4 weeks. I was wondering if this is an issue you are aware of. The preventative maintenance is scheduled for Tuesday 16th April but if you need an engineer to attend sooner to investigate this issue, please let me know.
83
84Thank you
85
86Filsan Omar
with kind regards
87for and on behalf of Barry Bros Security
88121-123 Praed Street, Paddington, London, W2 1RL
89T 020 7262 9009
90
91Sales: Email sales@barrybros.com
92Accounts: Email accounts@barrybros.com
93Locksmiths: Email locks@barrybros.com
94Electronics: Email support@barrybros.com
95Key Dept: Email keys@barrybros.com
96Safes: Email safes@barrybros.com
97General Enq: Email info@barrybros.com
98
99
100
101Confidentiality and Disclaimer: This email and its attachments are intended for the addressee only and may be confidential or the subject of legal privilege. If this email and its attachments have come to you in error you must take no action based on them, nor must you copy them, distribute them or show them to anyone. Please contact the sender to notify them of the error. This email and any attached files have been scanned for the presence of computer viruses. However, you are advised that you open any attachments at your own risk. Please note that electronic mail may be monitored in accordance with the Telecommunications (Lawful Business Practices) (Interception of Communications) Regulations 2000.
102
103Barry Bros Security VAT Reg. No. 240 1209 22. Registered Office: 121-123 Praed Street, Paddington, London W2 1RL
104 ———
105Dear All
106
107On behalf of the CEO I am pleased to announce the appointment of Elena Tion as our new Chief Risk Officer reporting to Dean Adansi CEO. Elena joined us on Monday 1st April 2019. She will work with Ed Lord Interim CRO and the Risk team to continue to enhance our Risk Management tools and processes.
108
109Elena Tion has over ten years professional experience in the Financial Services sector. She has considerable risk management technical and practical knowledge gained from both consulting (PwC and Mazars) and banking industry. Prior joining GHIB she was Chief Risk Officer (SMF4 authorised) at Persia International Bank Plc. During her career she has developed an in-depth knowledge of Basel Accords, CRD IV and UK prudential requirements. Elena has worked in the UK and in Europe on assignments focused on developing risk management and risk appetite frameworks, strengthening risk culture, developing ICAAP, ILAAP, Pillar 3 and RRP documents, completing regulatory returns (COREP and FSA returns), performing the EU-wide stress tests and providing training on risk management, risk appetite and risk culture at all levels within financial institutions.
110
111Elena holds the EDHEC Global MBA (Finance), the SDA Bocconi Risk Manager Certificate Program and a Master degree in Management & Economics. She has solid experience developing new and challenging projects in high-pressure situations.
112
113Please welcome Elena to the Bank.
114
115Kind Regards
116
117Raymond J.B. Sambou
118Deputy Chief Executive Officer & Chief Operating Officer
Tel: +44 207 653 0432
119Email: Raymond.Sambou@ghanabank.co.uk
120__________________________
Ghana International Bank plc
67 Cheapside, London
EC2V 6AZ
121 ———
122
123Payment Services Directive 2 (PSD2)
124Option Paper for Board Approval
125Table of Contents
1261. Background 3
1272. Key Dates 4
1283. GHIB Current Position 4
1294. Building the Required Technology Infrastructure for PSD2 5
1305. Options Available 5
1315.1. ‘Token’ (SaaS) based SDK for PSD2 6
1325.2. ‘Responsiv Cloud’ Based Secure Payment Gateway 6
1335.3. Temenos PSD2 Solution 7
1345.4. Token & Responsiv SaaS Solution - Pros & Cons 8
1355.5. Temenos PSD2 - Solution pros & cons 9
1366. Cost 9
1377. Recommendation 10
1388. Recommendation Rationale 10
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159Project Name: PSD2
160Date: Release: Draft/Final
161Author:
162 Kumudu Amaratunga
163Owner:
164 Kwame Sarpong
165Client:
166 NA
167Document Number:
168
169
170
171
172
173
174
175
176Revision History
177Date of next revision:
178Revision Date Previous Revision Date Summary of Changes Changes Marked
17928 Feb 2019 NA Initial Draft NA
18006 Mar 2019 1.0 Amendments to the Costs 1.1
18112 Mar 2019 1.1 Amendments to recommendation 1.2
18217 Apr 2019 1.3 Tier 2 Recommendation 1.3
183
184
185Approvals
186
187This document requires the following approvals. A signed copy should be placed in the project files.
188Name Signature Title Date of Issue Version
189
190EXCO 04 March 2019 1.2
191
192EXCO 17 April 2019 1.3
193
194
195
196
197Distribution
198
199This document has been distributed to:
200Name Title Date of Issue Version
201PWC 04 March 2019 1.2
202EXCO
203
204
205
206
207
208
209
2101. Background
211
212The Payment Services Directive 2 (PSD2) [EU 2015/ 2366] is a proposal by the European Union the European Union to create a safer and more creative payments system across the EU ‘internal market’.
213
214Member States including United Kingdom (despite Brexit), must adopt this directive into national law and bring it into force as from 13th January 2018.
215
216PSD2 contains regulations of new services to be operated by so-called Third-Party Payment Providers (TPP) on behalf of a Payment Service User (PSU). These new services are
217
218
219• Payment Initiation Service (PIS) to be operated by a Payment Initiation Service Provider (PISP) TPP as defined by article 66 of [PSD2],
220
221• Account Information Service (AIS) to be operated by an Account Information Service Provider (AISP) TPP as defined by article 67 of [PSD2], and
222
223• Confirmation of the Availability of Funds service to be used by Payment Instrument Issuing Service Provider (PIISP) TPP as defined by article 65 of [PSD2].
224
225
226To operate the new services, a TPP needs to access the account of the PSU which is usually managed by another PSP called the Account Servicing Payment Service Provider (ASPSP). As shown in the following figure, an ASPSP has to provide an interface (called "PSD2 compliant Access to Account Interface" or short "XS2A Interface") to its systems to be used by a TPP for necessary accesses regulated by [PSD2]:
227
228
2292. Key Dates
230
231• January 2016: PSD2 came into force
232• November 27, 2017: The Regulatory Technical Standard (RTS ) were released
233• January 2018: Each country had to transpose the Directive into national legislation
234• End of February 2018: The RTS are expected to be formally approved by the European Parliament and the European Council, opening the 18-month delay for their actual implementation
235• There is a mandatory requirement that a Sandbox be in place by the 14th March 2019 to demonstrate to the regulator that GHIB will enable TPPs to perform required testing
236• By 14 June, those seeking exemptions from the contingency mechanism requirement will need to have submitted their applications to the FCA
237• September 2019: Payment Service Providers (PSPs) must be ready to go, having implemented the RTS security and functional requirements.
238• 14 September 2019 , any contingency mechanism exemptions will need to be in place and all payment service providers will need to comply with the new strong customer authentication rules.
239The new version of the RTS introduces some interesting new elements to the calendar. The first new element is that banks will have to offer their open APIs to Third-Party Providers (TPPs) for testing and integration, 6 months before the final implementation date. This means that their APIs must be ready not by September 2019, but six months earlier: March 2019.
240
2413. GHIB Current Position
242
243Ghana International Bank (GHIB) addresses a range of key business areas, including Correspondent banking, Treasury services, International trade finance, Transaction services, Retail banking and Corporate banking.
244
245In view of the range of business areas, in June 2018, it was decided to appoint a third-party consultancy firm “Grant Thornton” (GT) to conduct an assessment on behalf of GHIB.
246
247The principal objective of this assessment is to provide GHIB management with insights on the bank’s implementation of PSD, based upon, people, process and technology.
248
249Having completed the assessment GT has made a number of key recommendations, intended to prepare GHIB for PSD2.
250
251Having taken the recommendations onboard, the Executive Committee (EXCO) appointed a working committee (PWC) to implement a GHIB PSD2 compliance program.
252
253
254
255
2564. Building the Required Technology Infrastructure for PSD2
257
258The technology Infrastructure plays a vital role in delivering a successful PSD2 compliance program.
259
260Based upon the GT assessment, supported by internal evaluation of our Infrastructure, it is understood that GHIB requires some additional technology infrastructure to be built around the existing core banking platform (Temenos T24 ). This is required to open up the payment gateway for third-party service providers (TPP), to be used on behalf of payment service users (PSU).
261
262Requirement Brief
263
264• Base Platform
265 T24 and surrounding systems need modification and new developments
266• Application Program Interface (API)
267 Set of API’s (TPP onboarding, account inquiry)
268• Events
269 API events and routine calls
270• Internal Integration
271 Sandbox requirements
272 Other Systems (i.e. FCM)
273 Core banking Security and payment system
274• Physical connection ( Virtual Private Network [VPN] etc. )
275• Strong Authentication (SCA)
276• System Integration Testing (SIT)/User Acceptance Testing (UAT)
277
2785. Options Available
279
280GHIB has started investigating the options available for the bank to implement the technology and interface required for the PSD2 compliance program.
281
282After numerous business conversations and technical discussions, the project team short listed three alternative technical options to help deliver PSD2, as follows;
283
2841. ‘Token’ Software as a Service (SaaS) based Software Development Kit (SDK)
285
2862. ‘Responsiv cloud’ based payment gateway solution
287
2883. Temenos PSD Solution
289
290
2915.1. ‘Token’ (SaaS) based SDK for PSD2
292
293Token provides a fully hosted (SaaS) based solution and manages all critical aspects of PSD2/RTS. This is claimed to provide a superior customer experience via a single, open, secure API.
294Token SDK can integrate seamlessly with any core banking systems including Temenos T24 with some local development.
295
296
297
298
299
300
301
302
3035.2. ‘Responsiv Cloud’ Based Secure Payment Gateway
304The platform provides a multi-tenant cloud hosted service and be consumed by the bank in the same way as Software as a Service (SaaS) is.
305The platform provides API hosting, Developer self-service portal, Identity Management (including strong authentication), a testing environment that mimics production behaviour, and an internal bridge for integration.
306
307
308
309
310
311
3125.3. Temenos PSD2 Solution
313
314Temenos provides a fully integrated front-to-back API-based solution architecture that enables three levels of response.
315
316The Solution Architecture proposed by Temenos not only complies with PSD2 requirements, but it also enables the implementation wider API-based framework that capitalises on the investment required for the regulation.
317
318This architecture fully corresponds to the commonly accepted industry definition of an API-based technology platform for open banking and fully integrated with any version of T24 platform including (Release 13 - GHIB Running )
319
320
321
322
3235.4. Responsiv SaaS Solution - Pros & Cons
324
325Pros Cons
326Sass provide a clean independent platform
327 The developer must have enough time to learn new features present in this pre-processor before using it.
328
329Maintenance is easier because applications do not need to be installed on each core system and the vendor can deploy patches and updates throughout the environment at a faster rate.
330 Lack of control and security concerns
331
332Better Resilience and redundancy due to multiple data centre hosting Performance issue concern
333Good ‘Scalability’ provided via many subscription options and flexibility to change Lack of user cases and possible ‘new technology’ risks.
334 High monthly/quarterly/annual subscription costs (OPEX)
335 Back end of the core banking system still needs local development to suit the SaaS model (Integration). This could lead to very expensive and time-consuming development and testing. It also poses a risk that development may not fully comply with regulation, due to time/cost restrictions.
336 T24 PSD 2 mandatory modules are still required for SaaS implementation to fully comply with PSD2.
337
338
339
340
3415.5. Temenos PSD2 - Solution pros & cons
342
343
344Pros Cons
345One-stop- shop for PSD2 compliance.
346Temenos take full responsibility for developing all the required artefacts and functions Limited flexibility when integration with other products is required.
347Easy integration with T24 since the solution is built around T24 and its online banking applications (TCIB application) Increased dependence upon Temenos. Requires a long-term agreement with Temenos
348Better support and integration help throughout Sandbox not available at present
349Better value for money
350Temenos assumes responsibility for providing a fully compliant module including consent
3515.6 Token - Solution pros & cons
352
353Pros Cons
354Sass provide a clean independent platform
355 The developer must have enough time to learn new features present in this pre-processor before using it.
356
357Maintenance is easier because applications do not need to be installed on each core system and the vendor can deploy patches and updates throughout the environment at a faster rate.
358 Lack of control and security concerns
359
360Better Resilience and redundancy due to multiple data centre hosting Performance issue concern
361Good ‘Scalability’ provided via many subscription options and flexibility to change Lack of user cases and possible ‘new technology’ risks.
362Token is regulated by the FCA Annual subscription costs marginally high (OPEX)
363Token is more open to global open banking opportunities and developments across the business. Back end of the core banking system still needs local development to suit the SaaS model (Integration). This could lead to very expensive and time-consuming development and testing. It also poses a risk that development may not fully comply with regulation, due to time/cost restrictions.
364Guarantees compliance prior to deadline and with final RTS Local dev required (T24)
365Go beyond compliance with continues development of new capabilities that open new revenue streams
366Distributed Denial of service (DDoS) protection
367Consent management and Triparty TPP Management
368Monitoring and reporting to UK regulator (FCA)
369SCA exception handling
370
3711. Cost
372* Subject to 3-year agreement
373Token* Responsiv* Temenos
374£ 70, 000 * (Per annum / recurring payment) £ 70, 0000 *Secure Payment Gateway on Cloud Platform
375
376£41,539 PX module licence (one off payment)
377£ 30,000 (Implementation) £12,000 *TPP API pack £36,346 PZ module licence (one off payment)
378£125,000 Integration Cost T & M £12, 000 *Account information API £23,602 R13 backpatch (one off payment)
379Sandbox - £30,000 – Cost will be subtracted from total cost if full solution is taken £24, 000 onboarding (one off) £ 22,815 Interaction framework (optional)
380 £115,000 integration T & M £21, 312 Annual Maintenance
381 £41,539 PX module licence (one off payment) Sand Box - £ TBC
382 £36,346 PZ module licence (one off payment) £75,000 implementation & integration cost
383 £23,602 R13 backpatch (one off payment) Third-party apps to expose API calls need Token or any other vendor product based on Token price £ 70,000
384 £21, 147 Annual Maintenance
385Total Cost: £225,000
386
387(first year cost and then minus CAPX)
388
389CAPX £155,000
390OPEX £70,000 £ 347,634
391
392(first year cost and then minus CAPX)
393
394CAPX £240,487
395OPEX £115,147 £ 267,799
396
397(first year cost and then minus CAPX)
398
399CAPX £176,487
400OPEX £91,312
401Note:
402
403Internal resource cost has not been estimated in this paper and does need to be factored into the future project plan along with its implications for staff and cover etc.
404
4052. Recommendation
406 Tier 1
407
408The project team recommends a two-tier decision process. Tier one which is urgent, is approving the provision of the Sandbox by Token before the regulatory deadline (14th March 2019). Implementations completed, and Sandbox is available for external parties.
409
410Tier two will be to review the solution providers again once the Sandbox is in place and decide on the best option from the 3 available. Depending how the Sandbox implementation goes, the project team will provide further recommendation to EXCO regarding most suitable option.
411
412Tier 2
413GHIB conducted another round of consultation with venders to select service provider to implement PDS2 solution (Jun/Sep deadline), Responsiv has come up with a counter offer to match the Token bid, Temenos also brought up one of their preferred integrator with new implementation proposal. Project team has carefully reviewed all these proposals and based on the information available and the track record of the companies in the bid, GHIB project team recommends Token Inc as our preferred partner. Project team is fully confident that Token Inc can deliver the PSD2 solution and any future Open Banking initiatives GHIB wishes to take.
4143. Recommendation Rationale
415
416Our initial decision was to go with Temenos as provider for both the Sandbox and the full integration of PSD2 requirements with our core banking system. We however came to realise on the 7th March, after 2 weeks of waiting on Temenos that they do not have a Sandbox that is deployable by the deadline of the 14th March. In fact, no estimated date has been provided which gives the project team huge doubt about Temenos’ capability to successfully implement the subsequent PSD2 requirements for the Bank by the deadline in September 2019.
417
418Having re-reviewed the three options, it is evident that the solutions are capable of meeting GHIB PSD2 compliance requirements albeit with doubts about the Temenos solution.
419
420Responsiv is a particularly strong candidate with a large array of features available in the cloud.
421
422The Temenos solution is very compelling considering that the GHIB core banking platform is T24 (which translates to an easier integration process) and considering the complexity, cost, tight delivery deadline and possible risk to the business. However, considering the latest developments stated above, the project team has looked to find a more solid solution.
423
424Token has ability to build fully customised PSD2 compliance back end-to -front end system. Token is also able to provide us the Sandbox by the 14th of March with minimal effort internally. The proposed Token solution also provides the assurance that the Sandbox will be compliant with PSD2 regulations based on RTS (scheduled 36.6). Token also offers the lowest cost in comparison to the other 2 options.
425
426
427Tier 2 Rational (Recommendation Token)
428
429Token PSD2 SaaS solution addressing the difficult task of compliance while allowing GHIB to focus on new open banking opportunities. It is the only solution out of three options discussed in this options paper fully meets PSD2 requirements, including the Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA) and common and secure open standards of communication.
430Token also provide GHIB with fastest and least expensive path for GHIB to become compliant and expand into data aggregation and payment services.
431With relatively small local development project team believe GHIB can connect to Token banking integration SDK. Typical implementation time can be 90 days, and this will help GHIB to achieve regulatory deadline, optionally GHIB may choose to use the Token client SDK to integrate client capabilities with GHIB online banking platform by independently developing Mobile Banking App, it will position GHIB to move away from non- standardised custom-built mobile app which can be expensive and difficult to maintain throughout its life cycle.
432
433To give GHIB additional comfort and confidence of our preferred solution (Token), Mastercard plc (Multinational Financial Services) has onboarded Token as their preferred partner to deliver PSD2 program and other Open Banking initiatives. This is a clear identification of Token’s ability to deliver complex systems that meets the regulatory requirements stipulated in PSD2.