
Risk Management Principles for Electronic Banking - Basel ...

Document Description
The Basel Committee on Banking Supervision expects such risks to be recognized, addressed and managed by banking institutions in a prudent manner according to the fundamental characteristics and challenges of e-banking services. These characteristics include the unprecedented speed of change related to technological and customer service innovation, the ubiquitous and global nature of open electronic networks, the integration of e-banking applications with legacy computer systems and the increasing dependence of banks on third parties that provide the necessary information technology. While not creating inherently new risks, the Committee noted that these characteristics increased and modified some of the traditional risks associated with banking activities, in particular strategic, operational, legal and reputational risks, thereby influencing the overall risk profile of banking.
File Details
  • Added: April, 13th 2011
  • Reads: 393
  • Downloads: 1
  • File size: 147.46kb
  • Pages: 35
  • Tags: risk management principles, electronic banking, e banking, basel committee on banking supervision
Submitter
  • Name: wick
Content Preview


Basel Committee
on Banking Supervision

Risk Management
Principles for Electronic
Banking





July 2003




Table of Contents
Executive Summary
I. Introduction
    A. Risk Management Challenges
    B. Risk Management Principles
II. Risk Management Principles for Electronic Banking
    A. Board and Management Oversight (Principles 1 to 3)
    B. Security Controls (Principles 4 to 10)
    C. Legal and Reputational Risk Management (Principles 11 to 14)
Appendix I: Sound Security Control Practices for E-Banking
Appendix II: Sound Practices for Managing Outsourced E-Banking Systems and Services
Appendix III: Sound Authorisation Practices for E-Banking Applications
Appendix IV: Sound Audit Trail Practices for E-Banking Systems
Appendix V: Sound Practices to Help Maintain the Privacy of Customer E-Banking Information
Appendix VI: Sound Capacity, Business Continuity and Contingency Planning Practices for E-Banking






Electronic Banking Group of the Basel Committee on Banking Supervision

Chairman: Mr John Hawke, Jr - Comptroller of the Currency, Washington DC

Members:
Australian Prudential Regulation Authority, Australia: Mr Graham Johnson
Commission Bancaire et Financière, Belgium: Mr Jos Meuleman, Mr Koen Algoet
Office of the Superintendent of Financial Institutions, Canada: Ms Judy Cameron, Mr Abilash Bhachech
Commission Bancaire, France: Mr Alain Duchâteau
Deutsche Bundesbank, Germany: Mr Sven Jongebloed
Bundesanstalt für Finanzdienstleistungsaufsicht, Germany: Mr Stefan Czekay
Hong Kong Monetary Authority, Hong Kong SAR: Mr Shu-Pui Li, Mr Brian Lee
Banca d'Italia, Italy: Mr Filippo Siracusano, Mr Tullio Pra
Bank of Japan, Japan: Mr Toshihiko Mori, Mr Hiroaki Kuwahara, Ms Tomoko Suzuki
Financial Services Agency, Japan: Mr Koji Hamada, Ms Yoko Ota
Commission de Surveillance du Secteur Financier, Luxembourg: Mr David Hagen, Mr Claude Bernard
De Nederlandsche Bank N.V., The Netherlands: Mr Erik Smid
Monetary Authority of Singapore, Singapore: Mr Leon Chang, Mr Enoch Ch'ng, Mr Tony Chew
Banco de España, Spain: Ms Maria Jesús Nieto
Finansinspektionen, Sweden: Ms Christina Westerling
Federal Banking Commission, Switzerland: Mr Daniel Schmid
Financial Services Authority, United Kingdom: Mr Peter MacCormack
Federal Reserve Bank of New York, United States: Mr George Juncker, Ms Barbara Yelcich
Office of the Comptroller of the Currency (OCC), United States: Mr Hugh Kelly, Mr Clifford Wilke
Board of Governors of the Federal Reserve System, United States: Ms Angela Desmond, Mr Jeff Marquardt
Federal Deposit Insurance Corporation, United States: Ms Sandra Thomson
European Central Bank: Mr Christian Fehlker
Secretariat, Basel Committee on Banking Supervision, Bank for International Settlements: Mr Laurent Le Mouël






Risk Management Principles for Electronic Banking
Executive Summary
Continuing technological innovation and competition among existing banking organisations
and new entrants have allowed for a much wider array of banking products and services to
become accessible and delivered to retail and wholesale customers through an electronic
distribution channel collectively referred to as e-banking. However, the rapid development of
e-banking capabilities carries risks as well as benefits.
The Basel Committee on Banking Supervision expects such risks to be recognised,
addressed and managed by banking institutions in a prudent manner according to the
fundamental characteristics and challenges of e-banking services. These characteristics
include the unprecedented speed of change related to technological and customer service
innovation, the ubiquitous and global nature of open electronic networks, the integration of
e-banking applications with legacy computer systems and the increasing dependence of banks
on third parties that provide the necessary information technology. While not creating
inherently new risks, the Committee noted that these characteristics increased and modified
some of the traditional risks associated with banking activities, in particular strategic,
operational, legal and reputational risks, thereby influencing the overall risk profile of
banking.
Based on these conclusions, the Committee considers that while existing risk management
principles remain applicable to e-banking activities, such principles must be tailored, adapted
and, in some cases, expanded to address the specific risk management challenges created
by the characteristics of e-banking activities. To this end, the Committee believes that it is
incumbent upon the Boards of Directors and banks’ senior management to take steps to
ensure that their institutions have reviewed and modified where necessary their existing risk
management policies and processes to cover their current or planned e-banking activities.
The Committee also believes that the integration of e-banking applications with legacy
systems implies an integrated risk management approach for all banking activities of a
banking institution.
To facilitate these developments, the Committee has identified fourteen Risk Management
Principles for Electronic Banking to help banking institutions expand their existing risk
oversight policies and processes to cover their e-banking activities.
These Risk Management Principles are not put forth as absolute requirements or even "best
practice." The Committee believes that setting detailed risk management requirements in the
area of e-banking might be counter-productive, if only because these would be likely to
become rapidly outdated because of the speed of change related to technological and
customer service innovation. The Committee has therefore preferred to express supervisory
expectations and guidance in the form of Risk Management Principles in order to promote
safety and soundness for e-banking activities, while preserving the necessary flexibility in
implementation that derives in part from the speed of change in this area. Further, the
Committee recognises that each bank's risk profile is different and requires a tailored risk
mitigation approach appropriate for the scale of the e-banking operations, the materiality of
the risks present, and the willingness and ability of the institution to manage these risks. This
implies that a “one size fits all” approach to e-banking risk management issues may not be
appropriate.
For a similar reason, the Risk Management Principles issued by the Committee do not
attempt to set specific technical solutions or standards relating to e-banking. Technical
solutions are to be addressed by institutions and standard setting bodies as technology
evolves. However, this Report contains appendices that list some examples of current and
widespread risk mitigation practices in the e-banking area that are supportive of the Risk
Management Principles.
Consequently, the Risk Management Principles and sound practices identified in this Report
are expected to be used as tools by national supervisors and implemented with adaptations
to reflect specific national requirements and individual risk profiles where necessary. In some
areas, the Principles have been expressed by the Committee or by national supervisors in
previous bank supervisory guidance. However, some issues, such as the management of
outsourcing relationships, security controls and legal and reputational risk management,
warrant more detailed principles than those expressed to date due to the unique
characteristics and implications of the Internet distribution channel.
The Risk Management Principles fall into three broad, and often overlapping, categories of
issues that are grouped to provide clarity: Board and Management Oversight; Security
Controls; and Legal and Reputational Risk Management.
Board and Management Oversight
Because the Board of Directors and senior management are responsible for developing the
institution’s business strategy and establishing an effective management oversight over risks,
they are expected to take an explicit, informed and documented strategic decision as to
whether and how the bank is to provide e-banking services. The initial decision should
include the specific accountabilities, policies and controls to address risks, including those
arising in a cross-border context. Effective management oversight is expected to encompass
the review and approval of the key aspects of the bank’s security control process, such as
the development and maintenance of a security control infrastructure that properly
safeguards e-banking systems and data from both internal and external threats. It also
should include a comprehensive process for managing risks associated with increased
complexity of and increasing reliance on outsourcing relationships and third-party
dependencies to perform critical e-banking functions.
Security Controls
While the Board of Directors has the responsibility for ensuring that appropriate security
control processes are in place for e-banking, the substance of these processes needs
special management attention because of the enhanced security challenges posed by
e-banking. This should include establishing appropriate authorisation privileges and
authentication measures, logical and physical access controls, adequate infrastructure
security to maintain appropriate boundaries and restrictions on both internal and external
user activities and data integrity of transactions, records and information. In addition, the
existence of clear audit trails for all e-banking transactions should be ensured and measures
to preserve confidentiality of key e-banking information should be appropriate with the
sensitivity of such information.
Although customer protection and privacy regulations vary from jurisdiction to jurisdiction,
banks generally have a clear responsibility to provide their customers with a level of comfort
regarding information disclosures, protection of customer data and business availability that
approaches the level they can expect when using traditional banking distribution channels.
To minimise legal and reputational risk associated with e-banking activities conducted both
domestically and cross-border, banks should make adequate disclosure of information on
their web sites and take appropriate measures to ensure adherence to customer privacy
requirements applicable in the jurisdictions to which the bank is providing e-banking services.
Legal and Reputational Risk Management
To protect banks against business, legal and reputation risk, e-banking services must be
delivered on a consistent and timely basis in accordance with high customer expectations for
constant and rapid availability and potentially high transaction demand. The bank must have
the ability to deliver e-banking services to all end-users and be able to maintain such
availability in all circumstances. Effective incident response mechanisms are also critical to
minimise operational, legal and reputational risks arising from unexpected events, including
internal and external attacks, that may affect the provision of e-banking systems and
services. To meet customers’ expectations, banks should therefore have effective capacity,
business continuity and contingency planning. Banks should also develop appropriate
incident response plans, including communication strategies, that ensure business continuity,
control reputation risk and limit liability associated with disruptions in their e-banking
services.

I. Introduction
Banking organisations have been delivering electronic services to consumers and
businesses remotely for years. Electronic funds transfer, including small payments and
corporate cash management systems, as well as publicly accessible automated machines for
currency withdrawal and retail account management, are global fixtures. However, the
increased world-wide acceptance of the Internet[1] as a delivery channel for banking products
and services provides new business opportunities for banks as well as service benefits for
their customers.
Continuing technological innovation and competition among existing banking organisations
and new market entrants have allowed for a much wider array of electronic banking[2] products
and services for retail and wholesale banking customers. These include traditional activities
such as accessing financial information, obtaining loans and opening deposit accounts, as
well as relatively new products and services such as electronic bill payment services,
personalised financial “portals,” account aggregation[3] and business-to-business market
places and exchanges.
Notwithstanding the significant benefits of technological innovation, the rapid development of
e-banking capabilities carries risks as well as benefits and it is important that these risks are
recognised and managed by banking institutions in a prudent manner.[4] These developments
led the Basel Committee on Banking Supervision to conduct a preliminary study of the risk
management implications of e-banking and e-money in 1998.[5] This early study demonstrated
a clear need for more work in the area of e-banking risk management and that mission was
entrusted to a working group comprised of bank supervisors and central banks, the
Electronic Banking Group (EBG), which was formed in November 1999.

[1] For the purposes of this Report, the Internet is defined to include all related web enabling technologies and
open telecommunications networks ranging from direct dial-up connections, the public World Wide Web, and
virtual private networks.
[2] For the purpose of this Report, electronic banking, or e-banking, includes the provision of retail and small
value banking products and services through electronic channels as well as large value electronic payments
and other wholesale banking services delivered electronically.
[3] Account aggregation services allow customers to obtain consolidated information about their financial and
non-financial accounts in one place. An aggregator essentially acts as agent for customers to provide
consolidated information on customers’ accounts across several financial institutions. Customers provide the
aggregator with the necessary security password or personal identification number to access and consolidate
account information primarily through screen scraping, a process that involves culling data from the other
institutions' websites, often without their knowledge, or through contractually arranged direct data feeds
between financial institutions.
[4] Because of rapid changes in information technology, no description of such risks can be exhaustive.
However, the risks facing banks engaged in e-banking are generally not new and they are encompassed by
risk categories identified in the Basel Committee's Core Principles for Effective Banking Supervision,
September 1997. That guidance identified eight risk categories including credit risk, country and transfer risk,
market risk, interest rate risk, liquidity risk, operational risk, legal risk and reputational risk. The Core Principles
are available on the BIS website at http://www.bis.org.
[5] "Risk Management for Electronic Banking and Electronic Money Activities", March 1998, available on the
Bank for International Settlements’ website at http://www.bis.org.