The critical nature of registry security

When it comes to the security of your company’s register data and securityholder information, simply complying with basic industry standards is rarely enough. Security is an ever-present risk for organisations the world over, and the management of registry data and associated transactions carries with it significant financial, reputational and compliance risk. 

In the current economic and technological environment, fraud has become a major threat to registry security. As such, it is paramount that your registrar has the range of security measures in place to protect your securityholder data and assets from growing examples of attempted fraud ranging from identity and mail theft, transfer and cheque fraud and unauthorised acceptances of unsolicited share sale offers.

Not only must your registrar have these measures in place, it must have the ability to make a substantial, ongoing investment to ensure its ability to protect its clients from current and emerging threats.

If this is not the case, your company is at risk.

Protecting you and your securityholders

There are three critical elements of registry security that ensure the highest level of protection for your register data and securityholders: fraud prevention, data and system security, and internal audit.

› Fraud prevention

Critical to fraud prevention is the careful design and operation of internal controls and audit processes, the deployment of forensic technology tools and a process to allow employees to report anomalies and alleged improper conduct (e.g. Whistleblower Policy).

The use of forensic tools such as data warehousing enables the recording of any activity or transactions within registry management systems on a continuous basis. Such tools are ideal for monitoring higher risk transactions including off market transfers, lost holder activity and unclaimed dividends.

In terms of ‘information leakage', the leading product on the market is Vontu (by Symantec). It detects and prevents sensitive information such as tax file numbers, securityholder reference numbers and credit card numbers being stored, e-mailed, or copied to endpoints such as USB sticks and CDs/DVDs.

› Data & system security

As we continue to direct securityholders towards more efficient electronic channels, it is vital to provide a secure environment for securityholders to transact and manage their holdings online. The leading solutions in this area include:

IBM AppScan – a product that searches for security vulnerabilities in web-facing applications and details where vulnerabilities exist. This tool helps registrars strengthen their website security which ultimately protects issuers and their securityholders.

External Penetration Testing - employing the services of specialised penetration testing companies is essential to detecting network security flaws. Once identified, these flaws should be documented, prioritised and fixed in a timely manner.

› Internal audit

By having a dedicated internal audit department, registrars can provide an additional layer of protection to issuers and their securityholders. For example, Computershare’s Internal Audit Department regularly checks, via a series of risk-based reviews, the robustness of our internal controls and staff compliance to established procedures. The Computershare Internal Audit Department reports directly to our independent Risk & Audit Committee. Annual audit plans covering all business lines and information technology are executed by qualified audit staff and all audit recommendations are monitored through monthly status updates which are reported to senior management and the Risk & Audit Committee.

Don’t get caught out

While the current economic downturn will result in many companies undertaking a review of their registry costs, it is critical that the security of your register remains a significant priority. Fraudsters will continue to search for new ways to infiltrate and deceive, and risking your registry security through a short term cost-cutting focus may in the long run end up costing you much more.

No other registrar can match Computershare’s commitment and investment in the technology, systems, processes and people required to safeguard your register and securityholder data in today’s high risk environment.

For more information on Computershare’s industry-leading approach to registry security, please contact your Relationship Manager.