Risk Management in Online Banking - PowerPoint PPT Presentation

Slides: 37
Provided by: eug148
Transcript and Presenter's Notes

Title: Risk Management in Online Banking


1
Risk Management in Online Banking
  • By Savanid Vatanasakdakul, ID. 2312426

2
Overview
  • The concept of risk management, covering risk
    analysis and the steps of assessing risk
  • Online Banking Capabilities
  • Areas of Concerns and Associated Risks
  • Risk Management Principle for Online Banking

3
Risk Management
  • Managing Risk shows how risks can be identified
    and reduced economically and effectively, before
    serious damage occurs.
  • (Johnstone-Bryden 1995)

4
Risk Management
Risk Control Exposure
  • Risk: Anything of variable uncertainty and
    significance that interferes with achievement of
    business strategies and objectives.
  • Control: Action to correct or reduce uncertainty
    or the significance of outcomes to an acceptable
    level, through risk management, transfer, or
    avoidance.
  • Exposure: Susceptibility of business strategies
    and objectives to risk remaining after control
    and mitigation activities.

5
Risk Analysis
[Figure: chart of Impact against Uncertainty, with regions labelled "Unacceptable exposure" and "Acceptable exposure"]

6
How to assess risk
  • Identifying risks.
  • Assigning values to those risks.
  • Categorizing the magnitude of risk.
  • For example, on a scale of 1 to 10, or as high,
    medium, and low priority.

7
Online Banking
8
Online Banking
  • Why is online banking becoming increasingly
    important?
  • The increasing competition from non-bank
    financial services companies, the
    telecommunications industry, and systems or
    software developers.
  • The demand for more efficient and convenient
    capabilities.
  • The widening cost and delivery differentials
    between electronic capabilities and traditional
    delivery channels.

9
Defined the Functionality
  • Level I systems (Information-only systems)
  • System can simply provide information as defined
    by the publisher or allow for transmission of
    non-sensitive electronic mail

10
(No Transcript)
11
(No Transcript)
12
Defined the Functionality
  • Level II (Electronic information transfer
    systems)
  • Electronic information transfer systems are
    interactive in that they provide the ability to
    transmit sensitive messages, documents, or files
    between financial institutions and users.

13
(No Transcript)
14
(No Transcript)
15
Defined the Functionality
  • Level III (Fully Transactional Information
    Systems)
  • System can facilitate electronic funds
    transfer and other financial transactions
    (electronic payment systems).

16
(No Transcript)
17
(No Transcript)
18
New Risks
  • First, the unprecedented speed of technological
    change; banks must assess how it relates to their
    technology investments and their ability to
    provide consistently high-quality customer
    service.
  • Second, increased dependence on third parties to
    provide the necessary information technology.

19
New Risks
  • Third, security and new means of attack: as
    Internet banking becomes more widespread and
    complex, the need for banks to assess and manage
    security risks will become even more crucial.
  • Fourth, cross-border implications of Internet
    banking.

20
Control Areas
  • Planning and Deployment
  • Operating Policy and Procedure
  • Audit
  • Law and Regulatory
  • Administration and System Operations
  • Vendor and Outsourcing
  • System Failure

21
Planning and Deployment
Area of Concern: Planning and Deployment
Specific Risks and Concerns:
  • Inadequate decision processes while considering,
    planning, and implementing electronic capabilities
  • Impact of technology cost and pricing decisions
    on financial position
  • System design and capabilities may not meet
    customer demands
  • Implications of increasing competition

22
Operating Policies and Procedures
Area of Concern: Operating Policies and Procedures
Specific Risks and Concerns:
  • Managerial or technical incompetence relative to
    electronic activities
  • Existing controls may not adequately protect
    confidential electronic information
  • Existing policies and procedures may not address
    the transaction speed and broad reach of
    electronic channels

23
Audit
Area of Concern: Audit
Specific Risks and Concerns:
  • Audit trails may be lacking in electronic systems

24
Legal and Regulatory
Area of Concern: Legal and Regulatory
Specific Risks and Concerns:
  • Uncertain enforceability of digital contracts,
    agreements, and signatures
  • Regulatory user privacy issues
  • Uncertain legal jurisdiction with respect to
    taxation, criminal, and civil laws
  • Uncertain applicability of financial
    recordkeeping, disclosure, and other requirements
  • Uncertain acceptability of electronic
    documentation/disclosures under various
    regulations

25
Administration and System Operation
Area of Concern: Administration and System Operations
Specific Risks and Concerns:
  • Hardware and/or software failures or disruptions
  • System and/or database compromise
  • Inadequate system capacity
  • System obsolescence
  • Inadequate protection of electronic
    communications
  • Inadequate system security and controls

26
Vendors and Outsourcing
Area of Concern: Vendors and Outsourcing
Specific Risks and Concerns:
  • Reliance on vendor competence to perform critical
    functions
  • Internal controls may not extend to third party
    vendors
  • Weak system support among vendor group
  • Maintenance and administration of multiple
    inter-related systems, activities
  • Failure to monitor inter-relationships among
    multiple financial institutions, vendors or
    originators, and participants within a payment
    system

27
System Failure
Area of Concern: Natural Disaster
Specific Risks and Concerns:
  • Business process cannot be operated
  • Financial loss
  • Unable to recover data and/or programs
Area of Concern: System Attacks
Specific Risks and Concerns:
  • Unauthorized person gains access to systems
  • Loss of confidentiality and integrity of data

28
Risk Management
  • Risk management is the ongoing process of
    identifying, measuring, monitoring, and managing
    potential risk exposure.

29
Risk Management Principle For Online Banking
  • Board and Management Oversight
  • Effective management oversight of online banking
    activities. E.g. Management supervision and
    internal controls
  • Establishment of a comprehensive security control
    process. E.g. Strategic planning and feasibility
    analysis, Risk analysis, Impact analysis
  • Comprehensive due diligence and management
    oversight process for outsourcing relationships.

30
Risk Management Principle For Online Banking
  • Security Controls
  • 1. Authentication of online banking customers.
  • 2. Non-repudiation and accountability for online
    banking transactions.
  • 3. Appropriate measures to ensure segregation of
    duties.
  • 4. Proper authorisation controls within online
    systems, databases and applications.
  • 5. Data integrity of online banking transactions,
    records and information.

31
Risk Management Principle For Online Banking
  • Security Controls
  • 6. Establishment of clear audit trails for online
    transactions.
  • 7. Confidentiality of key bank information.

32
Risk Management Principle For Online Banking
  • Legal and Reputation Risk Management
  • 1. Appropriate disclosures for online banking
    services.
  • 2. Privacy of customer information.
  • 3. Capacity, business continuity and contingency
    planning to ensure availability of online
    banking systems and services.
  • 4. Incident response planning.

33
(No Transcript)
34
(No Transcript)
35
Conclusion
  • Risk management should be an important issue of
    concern to bank management.
  • The level of service functionality
  • Areas of concern and risk identification
  • Risk Management Principle for Online Banking

36
Question and Answer