BZIIIQBA - AEG SWIFT CSCF 2020 Compliance Offer - EN - 2020

- AEG is offering assistance to Zain Iraq Islamic Bank for Investment and Finance to comply with SWIFT's Customer Security Controls Framework (CSCF).
- The CSCF aims to protect banks' SWIFT infrastructure from financial, legal, regulatory and reputational risks through mandatory and advisory security controls.
- Non-compliance could jeopardize a bank's reputation, liability and business relationships with correspondent banks.
- AEG can help the bank achieve compliance through technical assistance, gap assessments, implementation of controls, and attestation services.


ZAIN IRAQ ISLAMIC BANK FOR INVESTMENT AND FINANCE

“As your partner for the future we strive to offer you the best solutions allied with high quality of services that will help you move forward, offer your clients better facilities and heighten performance stability”

AEG-FS (Off Shore) S.A.L. BZIIIQBA – SWIFT CSCF Compliance Offer - AEG_OF/IQ/10721/2020
Lebanon Office: Ain El Tineh- Ashour Bldg, Beirut - P.O. Box 113-5037 Tel + 961 1 78 99 00 Fax + 961 1 78 99 00
Email [email protected] www.aeg-mea.com
Page 2 | September 20, All Rights Reserved Proprietary &Confidential
Date: Tuesday, September 29, 2020
Ref: AEG_OF/IQ/10721/2020

ZAIN IRAQ ISLAMIC BANK FOR INVESTMENT AND FINANCE
ARASAT AL-HINDIA 32 HAY BABIL, 925 HOUSE NBR124 1
BAGHDAD, IRAQ

SWIFT Customer Security Controls Framework Compliancy Assistance

Dear Sirs,

After the many heists that have struck the banking community — and in particular the
SWIFT community — the need for strong IT security has surfaced again as an urgent necessity
and not only as another module in the banks’ infrastructure. Compliance programs have
therefore emerged to make sure that the SWIFT infrastructure is well protected. To address this
need, SWIFT has released the Customer Security Program (CSP) to provide the needed
protection for the SWIFT infrastructure.
Banks are today in a situation where they must either be compliant with the new SWIFT
CSP standards or else jeopardize their reputation, their liability and their future
in the business field – knowing that all institutions must provide the self-attestation evidence
before January 2018 as per the controls released by SWIFT in May 2017 under the
SWIFT Customer Security Controls Policy.

SWIFT has stated that the self-attestation evidence of each bank will eventually be published
openly for correspondents to see who is compliant and who is not. Subsequently,
correspondents will not be willing to work with non-compliant or risky banks, and
banking operations with correspondent banks will be affected. Failing to be compliant
on time therefore poses a risk to the bank’s business.

The Program includes a list of mandatory and advisory controls that guide the banks to
have their SWIFT Infrastructure compliant. This Program is designed to protect the financial
industry from the risks that cover the following aspects of the business (CSP, March 2017):

▪ Financial Risk
▪ Legal Risk
▪ Regulatory Risk
▪ Reputational Risk

The CSP Program emerged to fulfill the following:


▪ Secure your Environment
▪ Know and Limit Access
▪ Detect and Respond

AEG has decided to assist its customers by providing various assistance methods to address
the Customer Security Controls Framework. The aim is to make your esteemed bank
compliant; the engagement method of AEG in the compliance process will depend on the
bank’s preferences.

We hope our offer will meet your acceptance; if more information is needed, please
do not hesitate to contact us.

Best Regards,

Ali Ussama
Account Manager

AEG-FS (Offshore) S.A.L.

CC: Dr. Mohamed Sadek
AEG General Manager

CC: Hussein Abdallah
Sales Manager

SWIFT Customer Security Controls Framework Compliancy Assistance
For ZAIN IRAQ ISLAMIC BANK FOR INVESTMENT AND FINANCE

SWIFT Security Control Framework
Compliance Offer
1. Technical Offer

1.1. Introduction
SWIFT has released the Customer Security Controls Framework (CSCF), a controls framework
to protect the SWIFT infrastructure. SWIFT mandates that all banks be compliant with the
mandatory controls. The programme is updated on a yearly basis: each year some controls
are upgraded to mandatory (or newly added), and others are added as advisory.

1.1.1. Challenges

• Challenges in the banking sector after the recent heists
• Cyber security is put under the magnifier
• SWIFT released the CSP Program
o Customer Security Controls Framework 1.0
o Issuance of a new release every year

1.2. Customer Security Controls Framework

First published in 2017, the CSCF evolves over time with the aim of continuously raising the
security bar in a pragmatic way, thereby addressing new and arising threats. The updates
incorporate advances in cybersecurity practice and respond to feedback provided by the SWIFT
community.

This Program is designed to protect the financial industry from the risks that cover the following
aspects of the business:
• Financial Risk
• Legal Risk
• Regulatory Risk
• Reputational Risk

The CSP Program emerged to fulfill the following:

• Secure your Environment
• Know and Limit Access
• Detect and Respond

Concerning the attestation, customers can still perform a self-attestation, or they can engage
a third party to perform it on their behalf.

As immediate consequences, we can note the following:

• Correspondent banking affected (cases in Europe since March 2017)
• Timeline challenges for compliance
• Resource allocation and dedication

1.3. CSCF 2020 – Outlined Changes

Changes outlined in the CSCF v2020 include:

• the promotion of two existing advisory controls to mandatory;
• the introduction of two new advisory controls;
• the extension of an advisory control to include middleware/MQ servers.

As a result, the CSCF v2020 is now composed of 21 mandatory and 10 advisory controls. Two
advisory controls, 1.3 and 2.10, which aim to protect and reduce potential vulnerabilities on
critical systems where virtualization is being used more frequently, and on critical interface
components, have been promoted to mandatory.

Two new advisory controls, 1.4A and 2.11A, have been introduced to provide guidance on a)
restricting internet access and b) Relationship Management Application (RMA) business control.

Furthermore, advisory control 2.4A has been expanded to include middleware/MQ servers to
help protect the upstream back-office application flows. Additional controls guidance and/or
clarifications have been included in numerous areas, including controls scope, architecture
types, security controls compliance, expectations on general operator PCs, token management
and intrusion detection.

In addition to clarifications on existing controls, the CSCF v2020 should already be consulted to
help customers plan and budget any action required on their end. The CSCF v2020 will become
effective in the KYC-SA, the online repository for customer attestations, in July 2020.
Attesting compliance against the CSCF v2020 will be mandatory by the end of 2020.

As part of the Change Management process for the CSCF, controls updates are usually
announced mid-year, with attestation and compliance against the mandatory controls of any new
version required between July and December of the following year. This is intended to allow
enough time, up to 18 months, for customers to budget, plan and implement updates. The
Change Management process can also include emergency releases if certain changes to the
CSCF cannot wait until the next scheduled release but we anticipate emergency releases to be
a rare occurrence.

1.4. AEG Offering

1.4.1. Consultancy, Guidance & Support

In this offering AEG will provide the consultancy, guidance and support needed on the different
points to achieve the bank’s compliance. All points that require performing the gap assessment
against the new framework, advising enhancements to the architecture, educating the
security officers, guiding the penetration testing team and performing the security training are
included in the offer, in addition to publishing the KYC-SA attestation. The bank will not pay per
day for any enrollment in the Compliancy Assistance; it will only pay for tickets and hotel
accommodation when on-site assistance is required. The need for on-site intervention will be
agreed between the Project Managers on both sides.

The guidance, consultancy and support includes:

• Performing the gap assessment
• Advising best practices for the new security architecture
• Providing support on the CSCF by verifying solution compatibility and design
compatibility, and clarifying all points that are in the CSCF
• Updating the necessary documents to reach the compliance state:
o Policies
o Procedures
o Standards
• Publishing the KYC-SA attestation
• Delivering the needed awareness training for operators, admins and security officers

1.4.2. CSP Compliancy Assessment (Governance Programme Consultancy)

AEG offers its CSP Compliancy Assessment Contract, which includes annual coverage of the
Consultancy, Guidance & Support on the recurrent releases of the Customer Security Controls
Framework, guidance on technical enhancements to the secure zone SWIFT infrastructure, and
the related documents.

This includes:
• The annual Awareness trainings
• The annual Gap Assessment

This is the Annual Package of the Consultancy, Guidance and Support.

1.4.3. Premium Support on the Secure Zone Infrastructure (Technical Support)

Beyond support at the level of the Alliance products and the Customer Security Framework
updates, this Support Programme provides engineers to administer and maintain the VAULT.
AEG will not commit to a number of engineers present; rather, the commitment will be at the
SLA level, to be discussed with the bank. The administration of the systems will be handled by
AEG, excluding the security monitoring, which will remain at the customer’s side. AEG will not
have access to any sensitive data (messaging, RMA, etc.) unless explicitly delegated by the
customer’s team.

Alternatively, the bank can take any of the CSP Compliancy Assessment Packages suggested
by AEG:
• Platinum Level: Managed Services of the Secure Zone, Infrastructure, Security
Products and SWIFT Products.
• Premium Level: Secure Zone security products (Ekran, Cimtrak, Vulnerability scanner,
SWIFT Products, System Infrastructure, Enterprise Certificate Authority, Hardening
Group policies, Secure Zone domain controller)
• Regular Support: SWIFT Products

1.4.4. Cyber Security protection offering

AEG and its experienced Cyber security partners can offer all tasks needed to be performed
on the secure Zone. This covers:
• Vulnerability Assessment
• Penetration Testing
• Risk Assessment

The offer is provided upon request.

1.4.5. Vulnerability Scanning

Vulnerability scanning is the activity of checking IT assets for published vulnerabilities, so that
they can be followed up by patching them or hardening the configuration. Further, the tool can
be configured to validate existing hardening procedures and compliance with industry
requirements or the bank’s policies.

For this purpose, a tool will be implemented at the bank’s side that has:

A console: on which the assets to be scanned are configured and from which the scanning
activities can be triggered. The tool downloads updates in real time from an online
repository and reaches the internet via a proxy server. The console needs
connectivity to the scanners.

Scanners: the components from which the scans are initiated. These communicate
directly with the assets defined in the console.

1.5. Cyber Security Scenario for Risk Assessment

AEG’s Cyber Security Scenario Risk Assessment for SWIFT’s secure zone is a consultancy
service that tests various attack scenarios in a table-top exercise, using either the ISO 27005
or the NIST risk assessment framework. The outcome of this exercise is a view of the possible
ways an adversary could gain unauthorized access and compromise the integrity, confidentiality
or availability of the bank’s SWIFT infrastructure.

This exercise is intended to evaluate whether the existing controls are sufficient or whether
additional controls should be added. The scenarios are classified according to the likelihood of
impact on the organization, then prioritized and forwarded to the corresponding stakeholders
for decision.

A report is generated showing results and suggesting risk treatment which is then evaluated by
the bank for budgeting and handling.

1.6. SWIFT’s Secure Zone Penetration Testing

AEG’s penetration testing for SWIFT’s secure zone is a technical consultancy service in which a
simulated cyber-attack is performed on an IT infrastructure to evaluate the implemented security
controls. The test is executed to identify misconfigurations, weaknesses and strengths.
Vulnerabilities may include the potential for unauthorized parties to gain access to accounts or
sensitive data, to gain privileges, and so on. The outcome of this exercise is a report that
highlights the weaknesses captured in the penetration test, their criticality and their
exploitability level.

The objective of the security assessment and penetration testing of the secure zone network
infrastructure supporting the application is to determine the overall security of the network
segments and hosts within the SWIFT environment, analyze related risks and provide
recommendations in order to mitigate those risks.

How It Works

Undertaking penetration testing, we will be performing a simulated cyber-attack on the Boundary
Firewall (i.e. the separation of the trusted / untrusted systems).

At Zone I, we simulate the attack from external to internal environments in the following manner:
• Anchor I: From AEG SB to the SAA server
• Anchor II: From the user zone to the Secure zone
• Anchor III: From the BO to the SAA server.

At Zone II, we simulate the attack from internal to external environments:
• Anchor IV: From Jump server(s) or file servers.

The tasks involved in this process are briefed out as follows:

• Perform broad scans to identify potential areas of exposure and services that may act
as entry points
• Perform targeted scans and manual investigation to validate vulnerabilities
• Identify and validate vulnerabilities
• Rank vulnerabilities based on threat level, loss potential, and likelihood of exploitation
• Perform supplemental research and development activities to support analysis
• Identify issues of immediate consequence and recommend solutions
• Transfer knowledge

1.7. Virtualization

AEG provides its SmartFT solution as a virtualization solution providing compliance with the new
mandatory control 1.3 of CSCF 2020.

The solution isolates the SWIFT environment from the bank’s enterprise environment and
provides a segregated virtualization environment with a dedicated management network.

Other than the operational protection (Fault tolerance and High Availability), the solution has
regular security updates by the vendor.

1.8. Vulnerability Scanning

Nexpose is a vulnerability assessment, policy compliance and remediation management
solution designed for organizations with large networks which require the highest levels of
scalability, performance, customizability and deployment flexibility.

NeXpose Enterprise scans Web applications, databases, networks, operating systems and
other software products to locate threats, assess their risk to the environment, and devise a
remediation plan to significantly reduce security risks and confidently protect valuable digital
assets.

▪ Network Security

Ensure all systems and network devices have been properly tested for vulnerabilities and mis-
configurations to minimize security risks.

▪ Web Application Security

Scan the Web application server and all Web applications for serious threats to your
environment such as SQL injection and cross-site scripting.

▪ Database Security

Identify issues and compliance violations by comprehensively scanning your databases for
vulnerabilities.

▪ Unrivaled breadth of unified vulnerability scanning

Scans for over 16,000 vulnerabilities with more than 65,000 vulnerability checks in networks,
operating systems, Web applications and databases across a wide range of platforms.

▪ Regular vulnerability updates

Automatically provides vulnerability updates without user intervention. Delivers immediate
Microsoft Patch Tuesday vulnerability updates within 24 hours to stay current with the changing
threat landscape.

▪ Prioritized risk assessment

Identifies risk based upon how the vulnerability in one system affects another and customizes
the risk scoring system to fit your unique organizational requirements.

▪ Comprehensive compliance and policy checks

Determine if your systems comply with corporate or regulatory policies such as PCI, HIPAA,
NERC or FISMA.

▪ Robust predefined and customizable reports and dashboards

Leverage dozens of out-of-the box reports and view executive dashboards to obtain instant
insight into your security posture. Create additional reports on the fly.

▪ Remediation guidance

Fix vulnerabilities quickly and easily with the information provided in remediation reports.

▪ Accurate scan results

Delivers accurate scanning results in less time with an expert system that follows an assessment
process similar to that used by ethical hackers.

▪ Flexible deployment models

Deploy NeXpose Enterprise any way you want, as software, appliance, mobile laptop, managed
service or private cloud to meet your unique security assessment needs.

SWIFT Security Control Framework
Compliance Offer
2. Financial Offer

2.1 Professional Services, Guidance, Products fees
Option 1: Consultancy Offer for the year 2020

Sr. no | Description | Cur | One Time Fees | Paid to
1 | CSCF Compliancy: CSP Guidance & Support - CSP Guidance & Support including documentation delivery (lump sum independent of man days), except the Cyber Security Section | EUR | 15,000.00 | AEG
  | 20% Special Discount | EUR | (3,000.00) |
  | Final Total Fees [1][2] | EUR | 12,000.00 | AEG

Option 2: Consultancy Offer for 3 years

Sr. no | Description | Cur | One Time Fees | Paid to
1 | CSCF Compliancy: CSP Guidance & Support - CSP Guidance & Support including documentation delivery (lump sum independent of man days), except the Cyber Security Section | EUR | 15,000.00 | AEG
  | 20% Special Discount | EUR | (3,000.00) |
  | Total Fees for 1 year | EUR | 12,000.00 | AEG
  | Total Fees for 3 years | EUR | 36,000.00 | AEG
  | Exceptional Final Discount on the 3 years charges | EUR | (6,000.00) |
  | Final Total Fees for 3 years [3][4] | EUR | 30,000.00 | AEG

For AEG CSP Support Packages, a separate offering could be provided or added to this proposal upon
the request of the customer.

[1] This offer doesn’t include the Cyber Security Section. If requested by the customer, a separate quotation will be provided
upon request.
[2] In addition to AEG Consultant expenses including Accommodation, Travel expenses and transportation fees to be covered by
the bank. Additional days will be charged 2,000.00 EUR/day. Travel Days (2x days per engineer) and non-working days will be
charged for 1,000.00 EUR per day.
[3] This offer doesn’t include the Cyber Security Section. If requested by the customer, a separate quotation will be provided
upon request.
[4] In addition to AEG Consultant expenses including Accommodation, Travel expenses and transportation fees to be covered by
the bank. Additional days will be charged 2,000.00 EUR/day. Travel Days (2x days per engineer) and non-working days will be
charged for 1,000.00 EUR per day.

Guidance and Consultancy includes:

- Guidance on what to do to be compliant, e.g. design of the secure zone, position
of Jump Servers, requirements to build it (Communication Matrix), etc.
- Assist and validate the design of the Secure Zone
- Validate whether the existing solutions can be used to comply with the CSCF 2020
- Security Awareness session for Operators and Admins (WebEx)
- Gap Assessment exercise on the Bank’s SWIFT Infrastructure to the CSCF
- Validation, amendment and writing of sections of the needed policies. As an Example:
▪ Create Remote Access Policy & procedure, for remote assistance vendor
support
▪ Review change management procedure for SWIFT Environment
▪ Create policy for password saving (physical or password mgmt)
▪ Document local users and active directory users that have access to all
resources in the secure zone
▪ Document Emergency Procedure for SWIFT systems (Break Glass Account)
▪ Verify all secure zone components, OS, IOS, Applications, Hardware are
under Support From Vendor
▪ Annual Maintenance and licenses are in place
▪ Create Risk Assessment Policy to be applied when release of vendor security
update
▪ Create Patch / Update policy to be compliant with SWIFT's policy CVSS v3
▪ Create policy to safe store any critical device used in the SWIFT infrastructure
while not in use
▪ Create Password Policy privileged & non privileged accounts
▪ Create policy for physical written password storage
▪ swift.com portal role segregation and secure channel activities
▪ Etc…….

- Guidance on segregation of duties at the Operating System privilege levels
- Guidance on the segregation of duties on the MFA
- Low Level Diagram
- Data Flow diagram
- Highlight the documents that are expected to be delivered but need efforts from the
Bank’s team
▪ Communication Matrix
▪ Support Contract with Vendors, for all components of the secure zone.
▪ Document deviations from policies
▪ Defining the Access and role matrix on PASM
▪ Etc…..

2.2 Optional services

Sr. no | Description | Cur | One Time Fees | Annual Charges | Paid to
1 | Vulnerability Scanning - insightVM Subscription for 128 Asset Range (including Discovery, scan engines, templates and up to 3 InsightVM Consoles) including Implementation, Remote Assistance & Knowledge Transfer + Documentation | EUR | 5,000.00 | 10,000.00 | AEG
2 | Certificate Authority - Certificate Authority Preparation Assistance (3x days) | EUR | 5,000.00 | 0.00 | AEG
3 | Penetration Testing (Optional) - Penetration Testing | EUR | 10,000.00 | 0.00 | AEG
4 | Risk Assessment (Optional) - Risk Assessment | EUR | 10,000.00 | 0.00 | AEG
5 | AEG CSP Compliancy Assessment - CSP Compliancy Assessment | EUR | 0.00 | 15,000.00 | AEG
6 | AEG CSP Support Packages (Optional) - AEG CSP Support Packages (Platinum, Premium or Regular) | EUR | 0.00 | TBC [5] | AEG
  | Total Fees [6][7] | EUR | 30,000.00 | 25,000.00 | AEG

[5] For AEG CSP Support Packages, a separate offering could be provided or added to this offer upon the request of the customer.
[6] This offer doesn’t include the Cyber Security Section. If requested by the customer, a separate quotation will be provided
upon request.
[7] In addition to AEG Consultant expenses including Accommodation, Travel expenses and transportation fees to be covered by
the bank. Additional days will be charged 2,000.00 EUR/day. Travel Days (2x days per engineer) and non-working days will be
charged for 1,000.00 EUR per day.

2.3 General Terms and Conditions
- Contractual Terms and Conditions are according to AEG General Terms and
Conditions
- Prices are as of January 2020
- Installation and training fees have to be paid to AEG upon contract signature
- The License Annual Maintenance fees cover the delivery of system updates,
upgrades, patches and limited to e-mail and phone support only.
- The annual maintenance or running fees is due to be paid starting the first year
of the contract and will be paid at the beginning of each connectivity year
- If more consultancy / training days are required, the cost per consultancy day is
1,500.00 EUR excluding Ticket and hotel Accommodation
- Travel Days (2x days per engineer) and non-working days will be charged for
500.00 EUR per day.
- Implementation engagement can start after 6 to 8 weeks of the signature of the
Contract
- This offer doesn’t include the Cyber Security Section
- The above prices do not include any VAT, sales or any other taxes
- This offer is valid for 45 days from today
- Payments:
o 60% upon firm order
o 40% upon installation

Thank You!
