e-Banking Risk Management


1 e-Banking Risk Management
Rural Bankers Association of the Philippines & Microenterprise Access to Banking Services
RBAP G-Cash Services Training
e-Banking Risk Management

Good afternoon! RBAP President Gen William Hotchkiss, others at the Head Table, Fellow Rural Bankers. I am pleased to be here to present about the experience and opportunities for rural banks to expand their microenterprise lending.

2 PURPOSE & ORGANIZATION
This risk management manual mitigates the potential and significant risks to the financial institution related to the bank employing technology and electronic banking facilities for its products and services. This manual focuses on:
- definitions of electronic banking
- risk identification and analysis of the complexity and sophistication of the activities in which electronic banking is present
- outlining the major steps in a risk management process for the electronic banking activities of the bank, namely, assessing risks, implementing measures to control risk exposures, and monitoring risks

Before we go further, let me discuss with you the purpose of the risk management manual for banks, like rural banks, that are employing electronic banking systems in their banking operations. The manual that we will be distributing to you is a general manual but patterned on risk management involving banking systems, information and services. The manual focuses on electronic banking and the identification and analysis of risks. Based on the risks presented, it outlines the major steps in a risk management process, including assessment and implementation of measures to control bank exposures to such risks. Regardless of the level of sophistication, risks are inherent in all electronic capabilities. The objective of this manual is to help mitigate those risks.

3 ELECTRONIC BANKING
Electronic banking is a broad term applied to activities involving updating banking and on-line accounts over a computer network or automated system. This area is highly dynamic as emerging technologies yield a variety of delivery alternatives that are becoming increasingly important due to:
- the increasing competition from non-bank financial services companies, the telecommunications industry, and systems or software developers;
- the demand for more efficient and convenient capabilities; and
- the widening cost and delivery differentials between electronic capabilities and traditional delivery channels.

Electronic banking is a broad term applied to activities involving the banking and on-line accounts updating for value over a computer network or automated system. As significant participants in the marketplace, financial institutions are becoming more aggressive in adopting electronic banking capabilities that include sophisticated marketing systems, remote banking capabilities, and stored value programs. This area is highly dynamic as emerging technologies yield a variety of delivery alternatives and innovative products and services. Electronic systems are becoming increasingly important due to:

4 ELECTRONIC BANKING
Electronic delivery and payment systems involve a wide range of potential risk exposures. The use of an electronic channel to deliver products and services introduces unique risks due to the increased speed at which systems operate and the broad access in terms of geography, user group, applications, databases, and peripheral systems. In addition to the unique risks, traditional risks which are similar to those in customary banking activities are also present.

5 RISK IDENTIFICATION AND ANALYSIS
Because of rapid changes in information technology, no list of risks can be exhaustive. However, the most important risk categories for electronic banking activities are operational risk, reputational risk and legal risk.

Since banking is inherently a business of risk taking, it follows that a bank’s involvement in electronic banking and other forms of electronic transmission places the bank at risk. In addition to functional risks, a bank’s assets are also exposed to risks of loss or destruction from intentional or unforeseen events.

6 RISK IDENTIFICATION AND ANALYSIS
The following risks are identified as the most common in the electronic banking environment:
- Operational Risk
- Reputational Risk
- Legal Risk
- Other Risk

Take note that the operative word is “most common”.

7 OPERATIONAL RISK
Operational risk arises from the potential for loss due to significant deficiencies in system reliability or integrity. Security considerations are paramount, as banks may be subject to external or internal attacks on their systems or products. Operational risk can also arise from customer misuse, and from inadequately designed or implemented electronic banking and electronic payment systems.

8 OPERATIONAL RISK
Operational risk can be further attributed to the following:
- Security Concerns
- Systems Design, Implementation, and Maintenance
- Customer Misuse of Products and Services

Security: loss of cellphone. Systems design etc.: lack of UAT (“bank did not have the opportunity to determine the integrity of the G-Cash system vis-à-vis their banking system”). Misuse: lack of proper customer orientation/instruction on the part of the bank.

9 OPERATIONAL RISK
Security Concerns
- Controls over access to the bank’s manual & computerized system within the bank
- External attacks by hackers through electronic banking systems

Systems Design, Implementation & Maintenance Concerns
- If the banking system is not well designed, and problems of compatibility with electronic banking “middle-ware” software
- Reliance on outsourcing development & maintenance poses risks as it exposes the bank to potential infiltration and unauthorized access.

10 OPERATIONAL RISK
Customer Misuse of Products & Services
As with traditional banking services, customer misuse, intentional or otherwise, is another source of operational risk. Risk may be heightened when the bank does not adequately educate its customers about security precautions. In the absence of adequate measures to verify transactions, customers may repudiate transactions they previously authorized, thus imposing financial losses on the bank. Customers using personal information, user-ID and access codes in a non-secure electronic transmission could allow unlawful access to customer accounts. Subsequently, the bank may incur financial losses because of transactions that customers did not authorize. Money laundering may be another source of concern.

Give examples of misuse and abuse of technology, like text scams and proliferation of pornographic materials, or other illegal means such as being used for hold-ups/robberies.

11 REPUTATIONAL RISK
Reputational risk means the risk for the bank to experience significant negative public opinion that may result in “losing popularity” with existing and potential customers. Reputational risk may result in creating a negative image of overall bank operations and may impair the bank’s ability to establish and maintain customer relationships.

- Emphasize that the bank’s business is fiduciary: based on trust and confidence.

12 REPUTATIONAL RISK
Reputational risk arises when:
- There is a loss of public confidence
- Bank products do not work as expected and cause widespread negative public reaction
- Customers who experienced problems with a product or service were not given adequate attention
- A breakdown in communications prevents the bank from responding in a timely manner to a customer’s concern
- News spreads that hackers have penetrated the bank’s network even though no damage has been done

13 REPUTATIONAL RISK
Reputational risk is not limited to a particular bank but extends to the whole electronic banking industry. Attacks on the banking system utilizing electronic banking technology are far more damaging, as they may heavily disrupt the banking system as a whole.

14 LEGAL RISK
Legal risk arises from violations of, or non-conformance with laws, rules, regulations, or prescribed practices, or when the legal rights and obligations of parties to a transaction are not well established. Given the relatively new nature of many retail electronic banking activities, rights and obligations of parties to such transactions are, in some cases, uncertain. For example, application of some consumer protection rules to electronic banking activities may not be clear. In addition, legal risk may arise from uncertainty about the validity of some agreements formed via electronic media.

- Getting sued

15 LEGAL RISK
Legal risk arises when:
- The bank is exposed to a money laundering scheme
- Customers are not adequately informed of characteristics of electronic banking that may affect their rights to privacy
- The bank participates in providing electronic authentication and digital certification services and may be liable for financial losses incurred by the parties relying heavily on the digital certification.

Notes to the bullet points:
- Electronic transaction and fund transfer facilities are attractive to money launderers, especially when they offer liberal balance and high transaction limits and have limited auditability of transactions.
- The bank, when engaging in electronic banking activities, can be prone to legal risks, especially when customers were not adequately informed as to the intricacies of electronic banking, particularly on the obligation of the bank to protect the privacy of the customer.
- As electronic commerce expands, banks may seek to play a vital role in providing electronic authentication systems, such as those using digital certificates. Providing certification, more so digital certification, may expose the bank to legal risk. For example, a bank acting as a certification authority may be liable for financial losses incurred by parties relying on the certificate. In addition, legal risk could arise if banks participate in new authentication systems when rights and obligations are not clearly defined in contracts or agreements.

16 OTHER RISKS
Traditional banking risks such as credit risk, liquidity risk, interest rate risk, and market risk may also arise from electronic banking activities, though their practical consequences may be of different magnitude for the bank as opposed to operational, reputational, and legal risks.

17 RISK MANAGEMENT
- The Risk Management System
- Risk Identification
- Risk Management and Control
- Risk Assessment

- Key points in risk management

18 RISK MANAGEMENT SYSTEM
REPORTING STRUCTURE
- BOARD OF DIRECTORS
- RISK MANAGEMENT COMMITTEE
- RISK OFFICER

Those who are responsible – everyone is responsible

19 RISK MANAGEMENT SYSTEM
Board of Directors
The Board of Directors has the responsibility to adopt policies and guidelines to govern the safe and prudent operational activities of the bank. This includes operations involving electronic banking.

20 RISK MANAGEMENT SYSTEM
Risk Management Committee
This Committee shall have the function of overall supervision and control over the risk management system of the Bank. Its mission is to protect the bank’s scarce capital from losses arising from activities that expose the bank to all types of risk involving electronic banking activities. The committee shall be tasked with reviewing electronic banking facilities used and employed by the bank, information security policies and procedures, and other efforts necessary to ensure that the bank is protected against all kinds of penetration by other parties that would compromise the security of the bank in providing products and services electronically.

21 RISK MANAGEMENT SYSTEM
Tasks of the Risk Officer
- To see to it that the provisions of the Risk Management Manual are complied with by all concerned.
- To conduct familiarization seminars on the provisions of the Manual.
- To conduct a discovery process to identify risks that are not covered by the existing risk management provisions and submit appropriate recommendations for their control.
- To provide the Risk Management Committee with a monthly monitoring report on whether all policies and procedures written in the Manual have been adhered to.
- To submit to the Board of Directors, through the Risk Management Committee, monthly reports on the implementation of, and compliance by all concerned with, the Manual, including his recommendations.

22 RISK MANAGEMENT SYSTEM
Together with the Internal Auditor, the Risk Officer shall conduct functional review over:
- The bank system’s internal controls and procedure
- The audit and testing of risk management process
- The depth and frequency of internal audit
- The development of adequate controls during product development at the early stage
- The continuous evaluation of the independence and overall effectiveness of the bank’s risk management functions

Read as you read the bullet points:
- The Bank’s system of internal controls which shall promote effective and efficient operations; reliable financial and regulatory reporting; and compliance with relevant laws, regulations, and policies of the bank. The Risk and Compliance Officer and the Internal Auditor shall be responsible for determining whether internal controls meet these objectives, considering the overall control environment of the organization; the process of identifying, analyzing and managing risk; the adequacy of management information systems; and the adherence to control activities such as authentications, approvals, confirmations and reconciliations.
- The audit and testing of the risk management process and internal controls on a periodic basis, with the frequency based on a careful risk assessment.
- The depth and frequency of internal audit which shall be increased if weaknesses and significant changes have occurred on product lines, modeling methodologies, the risk oversight process, internal controls or the overall risk profile of the bank.
- The development of adequate controls to bring into the product development process at the earliest possible stage.
- The continuous evaluation of the independence and overall effectiveness of the bank’s risk management functions; and the involvement in the periodic review and evaluation of all bank policies and procedures developed for the bank’s key activities.

23 RISK MANAGEMENT SYSTEM
One of the keys to risk management is risk identification. The two distinct dimensions being faced by banks are the type of risk and the bank function that is at risk. To identify bank risk is to look at the various types of risk and determine which function is potentially vulnerable to that type of risk.

24 RISK MANAGEMENT AND CONTROL
- The BOD shall approve all significant policies on risk management related to e-Banking
- The Chairman of the BOD shall be responsible for ensuring that there is clear delineation of responsibilities in managing risk
- The Chairman shall ensure that all approvals are in place and are adequate
- Risk Management Committee shall constantly review and update risk management guidelines
- BOD shall review and approve recommendations
- Development of new products shall have to be approved by the BOD

The Board of Directors shall approve all significant policies relating to management of risk related to electronic banking throughout the bank. These policies shall be consistent with the bank’s business strategies, capital strength, electronically designed products and services, management expertise and overall willingness to take risk.

The Chairman shall be responsible for ensuring that there are clear delineation of lines of responsibility for managing risk, adequate systems for measuring risk, appropriate structured limits on risk taking, effective internal controls and a comprehensive risk-reporting process. The Chairman shall ensure that all appropriate approvals are obtained and that adequate operational procedures and risk control systems are in place.

Risk Management Committee shall review and evaluate risk management guidelines regularly, since any change in either the bank’s activities or the market environment may create exposure that requires additional attention. The review shall include assessment of risk limits, methodologies, models and assumptions used in measuring risks. The review shall be made at least annually, or whenever information and communication technology conditions and the bank’s risk position dictate, to ensure that they are appropriate and consistent with the bank’s risk-taking philosophy. Recommended changes in the risk management guidelines shall be submitted to the Board for approval.

The Board of Directors shall approve products/services involving electronic banking activities that the bank shall offer. The policies governing such products/services shall be approved by the Board and set forth and documented in Information Security Policy and Procedure Manuals duly issued by the President.

It is enough that risks are identified, measured, and assessed. It is equally, and even more important, that the risks are managed, controlled, minimized or even avoided. This manual will include risk control measures, vis-à-vis the various types of risks.

25 RISK ASSESSMENT
- Risk management should be included in the bank’s audit program
- The auditor shall accomplish the Risk Assessment Report
- The auditor shall discuss the Risk Assessment Report with the department head or officer-in-charge
- The internal auditor and the risk management team shall recommend appropriate actions to address the risk
- Targets shall have to be set in reducing the bank’s exposure to the risk, monitor accomplishment of these targets, and report results to top management

Read as you read the bullets:
- Auditing Department shall include in its audit program an assessment of the various types of risk that the unit being examined is vulnerable to as specified in the risk matrix.
- The audit examiner, in coordination with the Risk and Compliance Officer, shall accomplish the Risk Assessment Report for each type of risk that the unit being examined is vulnerable to.
- The results of the risk assessment shall be discussed with the head or officer-in-charge of the unit responsible for the risk. Emphasis shall be given to the factors that are rated high risk and those whose risk ratings have deteriorated compared to the previous assessment. The Risk Assessment Report shall be discussed with the Group Head of the unit concerned, and submitted to the Board of Directors, through the Risk Management Committee, for approval.
- The Group Head, in coordination with the Risk and Compliance Officer, shall discuss with the head of the unit concerned appropriate action to be taken to reduce risk exposure in factor/s rated high and/or rated worse than in the previous assessment.
- The Group Head, in coordination with the Risk and Compliance Officer, shall set targets for reduction of exposure, monitor accomplishment of these targets and report results to the President.

26 THANK YOU

