RISKS IN E-BANKING AND THEIR MANAGEMENT


IRJC
International Journal of Marketing, Financial Services & Management Research
Vol.1 Issue 9, September 2012, ISSN 2277 3622
www.indianresearchjournals.com

PROF. VIRENDER SINGH SOLANKI*
*Institute of Productivity & Management, Meerut.

ABSTRACT

Internet banking and other modes of e-banking have been a blessing for banking as far as speed, convenience and cost of delivery are concerned, but alongside they have brought many risks. They have also brought about a new orientation to risks and even new forms of risks. Technology plays a significant part both as source and tool for control of risks. Because of rapid changes in information technology, there is no finality either in the types of risks or their control measures. E-banking may soon convert from a complementary to the main provider of financial services and products. Consequently, a possible failure of a bank entering this sector can have various consequences on its future position in the market. The bank's strategy should be readjusted so that it meets the new challenges with risk balance.

KEYWORDS: E-banking, risks, operational, money laundering, cross borders, firewalls, customer education, auditing.

The rapid spread of Internet banking all over the world is due to its acceptance as an extremely cost-effective delivery channel of banking services as compared to other existing channels. However, the Internet is not an unmixed blessing to the banking sector. Along with a reduction in the cost of transactions, it has also brought about a new orientation to risks and even new forms of risks to which banks conducting I-banking expose themselves. Regulators and supervisors all over the world are concerned that while banks should remain efficient and cost effective, they must be conscious of the different types of risks this form of banking entails and have systems in place to manage the same. An important and distinctive feature is that technology plays a significant part both as source and tool for control of risks. Because of rapid changes in information technology, there is no finality either in the types of risks or their control measures. Both evolve continuously. The thrust of regulatory action in risk control has been to identify risks in broad terms and to ensure that banks have minimum systems in place to address the same and that such systems are reviewed on a continuous basis in keeping with changes in

THE RISKS

The growth of electronic banking has created a new basis with regard to the degree of exposure to risk and consequently the need not only for a differentiated regulating frame, but also for mechanisms of monitoring to be formed, which have already begun to be shaped in the fields of the Basle Committee of Banking Supervision.

The business risk is the risk of not being able to achieve the business targets due to inappropriate strategies, inadequate resources or changes in the economic or competitive environment. It has to do with the ability of the credit institution to achieve its operational objectives by exploiting the available opportunities in the market. The big changes in the banking sector and the adoption of fast-paced, evolving technology also change the traditional strategic risks. A bank that rushes into the adoption of new technologies in order to be a pioneer risks losing its investment, as information systems lose their value in a very short time interval. Moreover, there is the risk of extensive investment in particular products or services which will not become acceptable to the end users. On the other hand, if it maintains a more conservative attitude there is the risk of becoming last, in an environment where the competition is moving fast and strengthening its place in the market. Internet banking may soon convert from a complementary to the main provider of financial services and products. Consequently, a possible failure of a bank entering this sector can have various consequences on its future position in the market, especially when the competition of the banks, which are clearly connected with the I-banking and do not have any physical substance (virtual banks), is already given.

THE RISKS IN E-BANKING ARE AS FOLLOWS

- Operational risk
- Security risk
- System architecture & design risk
- Reputational risk
- Legal risks
- Money laundering risk
- Strategic risk
- Other risk

1. OPERATIONAL RISK

Operations risk arises from fraud, processing errors, system disruptions, or other unanticipated events resulting in the institution's inability to deliver products or services. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution's processing environment, including the types of services offered and the complexity of the processes and supporting technology. In most instances, e-banking activities will increase the complexity of the institution's activities and the quantity of its operations risk, especially if the institution is offering innovative services that have not been standardized. Since customers expect e-banking services to be available 24 hours a day, 7 days a week, financial institutions should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability.

Operational risk is the risk of incurring financial loss due to human or technical errors and fraud. Operational risk can arise from the failure to follow or complete one or more steps in the prescribed authorization process. Operational risk includes the risks associated with the failure of communications, the breakdown of data transport or processing, internal control system deficiencies, human errors, or management failure. As a result, the financial institution could experience delays or disruptions in processing, clearing, and settling retail payment transactions, that could lead to credit and liquidity problems at other

BANKS FACE THREE MAIN TYPES OF OPERATIONS RISK

(I) VOLUME FORECASTS

Accurate volume forecasts have proved difficult. One of the key challenges encountered by banks in the Internet environment is how to predict and manage the volume of customers that they will obtain. Many banks going on-line have significantly misjudged volumes. When a bank has inadequate systems to cope with demand it may suffer reputational and financial damage, and even compromises in security if extra systems that are inadequately configured or tested are brought on-line to deal with the capacity problems.

As a way of addressing this risk, banks should:

- undertake market research,
- adopt systems with adequate capacity and scalability,
- undertake proportionate advertising campaigns,
- ensure that they have adequate staff coverage and develop a suitable business continuity plan.

In brief, this is a new area, nobody knows all the answers, and banks need to exercise particular caution.

(II) MANAGEMENT INFORMATION SYSTEMS

Banks may have difficulties in obtaining adequate management information to monitor their e-service, as it can be difficult to establish/configure new systems to ensure that sufficient, meaningful and clear information is generated. Such information is particularly important in a new field like e-banking. Banks are being encouraged by the FSA (Financial Services Authorities) to ensure that management have all the information that they require in a format that they understand and that does not cloud the key information with superfluous details.

Operational risk can also arise from fraud. A financial institution's exposure to operational risk from fraud is the risk that a wrongful or criminal deception will lead to a financial loss for one of the parties involved. Currency and checks are more vulnerable to loss or direct theft, whereas fraud is the primary concern in bank card payment transactions.

Operational risk controls should include information system, procedural, administrative, and legal measures to prevent or limit financial loss as a result of operational risk. System measures include monetary and time limits (per transaction, per payment instrument, per client), and personal authentication and encryption techniques to ensure the authenticity of the payer and transaction information integrity. Additional controls include the use of certified tamper-resistant equipment, e.g. EFT/POS (electronic fund transfer/point of sales) terminals.

Procedural measures include appropriate dual custody and separation of duties for critical payment transaction processing and accounting tasks, payment data verification, clear error processing and escalation procedures, and confidential and tamper-resistant mailing procedures for bank cards and other sensitive material. Administrative measures should include IT audit coverage of operational controls, legal controls (including regulatory compliance and agreements), and personnel issues associated with staffing and training.

(III) OUTSOURCING

Finally, a significant number of banks offering e-banking services outsource related business functions, e.g. security, either for reasons of cost reduction or, as is often the case in this field, because they do not have the relevant expertise in-house. Outsourcing a significant function can create material risks by potentially reducing a bank's control over that function. Outsourcing is of course neither new nor unmanageable but banks should be mindful on outsourcing, which addresses these risks.

2. SECURITY RISK

Security risk arises on account of unauthorized access to a bank's critical information stores like the accounting system, risk management system, portfolio management system, etc. A breach of security could result in direct financial loss to the bank. For example, hackers operating via the Internet could access, retrieve and use confidential customer information and could also implant viruses. This may result in loss of data, theft of or tampering with customer information, disabling of a significant portion of the bank's internal computer system thus denying service, the cost of repairing these, etc. Other related risks are loss of reputation, infringing customers' privacy and its legal implications. Thus, access control is of paramount importance. Controlling access to banks' systems has become more complex in the Internet environment, which is a public domain, and attempts at unauthorized access could emanate from any source and from anywhere in the world, with or without criminal intent. Attackers could be hackers, unscrupulous vendors, disgruntled employees or even pure thrill seekers.

In addition to external attacks, banks are exposed to security risk from internal sources, e.g. employee fraud. Employees, being familiar with different systems and their weaknesses, become potential security threats in a loosely controlled environment. They can manage to acquire the authentication data in order to access the customer accounts, causing losses to the bank.

Unless specifically protected, all data / information transfer over the Internet can be monitored or read by unauthorized persons. There are programs such as 'sniffers' which can be set up at web servers or other critical locations to collect data like account numbers, passwords, account and credit card numbers. Data privacy and confidentiality issues are relevant even when data is not being transferred over the net.

Data residing in web servers or even banks' internal systems are susceptible to corruption if not properly isolated through firewalls from the Internet. Proper access control and technological tools to ensure data integrity are of utmost importance to banks.

The identity of the person making a request for a service or a transaction as a customer is crucial to the legal validity of a transaction and is a source of risk to a bank. A computer connected to the Internet is identified by its IP (Internet Protocol) address. There are methods available to masquerade one computer as another, commonly known as 'IP Spoofing'. Likewise, user identity can be misrepresented. Hence, authentication control is an essential security step in any e-banking system.

Non-repudiation involves creating a proof of communication between two parties, say the bank and its customer, which neither can deny later. Banks' systems must be technologically equipped to handle these aspects, which are potential sources of risk. Banks should have:

1. A strategic approach to information security, building best practice security controls into systems and networks as they are developed
2. A proactive approach to information security, involving active testing of system security controls (e.g. penetration testing), rapid response to new threats and vulnerabilities and regular review of market place developments
3. Sufficient staff with information security expertise
4. Active use of system based security management and monitoring tools
5. Strong business information security controls

3. SYSTEM ARCHITECTURE AND DESIGN RISK

Appropriate system architecture and control is an important factor in managing various kinds of operational and security risks. A bank faces the risk that the systems it chooses are not well designed or implemented. For example, a bank is exposed to the risk of an interruption or slow-down of its existing systems if the electronic banking or electronic money system it chooses is not compatible with user requirements. Many banks are likely to rely on outside service providers and external experts to implement, operate, and support portions of their electronic money and electronic banking activities. Such reliance may be desirable because it allows a bank to outsource aspects of the provision of electronic banking and electronic money activities that it cannot provide economically itself. However, reliance on outsourcing exposes a bank to operational risks. Service providers may not have the requisite expertise to deliver services expected by the bank, or may fail to update their technology in a timely manner. A service provider's operations could be interrupted due to system breakdowns or financial difficulties, jeopardizing a bank's ability to deliver products or services. The rapid pace of change that characterizes information technology presents banks with the risk of systems obsolescence. For example, computer software that facilitates the use of electronic banking and electronic money products by customers will require updating, but channels for distributing software updates pose risks for banks in that criminal or malicious individuals could intercept and modify the software. In addition, rapid technological change can mean that staff may fail to understand fully the nature of new technology employed by the bank. This could result in operational problems with new or updated systems.

4. REPUTATIONAL RISK

Reputational risk is the risk of getting significant negative public opinion, which may result in a critical loss of funding or customers. Such risks arise from actions which cause major loss of public confidence in the banks' ability to perform critical functions or impair the bank-customer relationship. It may be due to the banks' own action or due to third party action. The main reasons for this risk may be a system or product not working to the expectations of the customers, significant system deficiencies, a significant security breach (both due to internal and external attack), inadequate information to customers about product use and problem resolution procedures, and significant problems with communication networks that impair customers' access to their funds or account information, especially if there are no alternative means of account access. Such a situation may cause customers to discontinue use of the product or the service. Directly affected customers may leave the bank and others may follow if the problem is publicized.

Other reasons include losses to a similar institution offering the same type of services causing customers to view other banks also with suspicion, targeted attacks on a bank such as a hacker spreading inaccurate information about bank products, a virus disturbing the bank's system causing system and data integrity problems, etc.

Possible measures to avoid this risk are to test the system before implementation, backup facilities, contingency plans including plans to address customer problems during system disruptions, deploying virus checking, deployment of ethical hackers for plugging the loopholes and other security measures.

It is significant not only for a single bank but also for the system as a whole. Under extreme circumstances, such a situation might lead to systemic disruptions in the banking system. Thus the role of the regulator becomes even more important as not even a single bank can be allowed to fail.

5. LEGAL / COMPLIANCE RISK

Legal risk is the risk of non-compliance with legal or regulatory requirements. The legal risks are directly related to electronic banking and they increase as its use is extended. They mainly stem from the uncertainty that exists in the legal-regulative framework concerning electronic banking. In most countries an explicit regulating framework does not exist and this is owed to the little experience regarding the sector of electronic banking. The problem becomes even bigger when a bank offers its electronic services to other countries as well, since a unified legal frame at international level does not exist. Each country puts its own rules into effect and it is difficult for a bank to constantly adapt its services and to be acquainted with all the laws that are in effect in every country.

Another legal risk is related to the protection of the customers' personal data. Bad use by the bank personnel or by exterior malignant intruders can expose a bank to serious legal risks. It is possible that the intruders acquire access to the databases of the banks and use the data of customers in order to commit a fraud. In this case a legal risk is created by the bad or not certified use of customers' data. The legal risks to which the financial institutions will be exposed from the use of electronic banking are expected to increase because of the uncertainty that characterizes the wider legal framework and the specific lawful regulations of transactions through an open electronic network such as the Internet. The uncertainty with regard to the validity of transactions, the protection of personal data, the involuntary exposure of the consumer to foreign jurisdiction, tax evasion, the laundering of money, electronic fraud, and also the legal responsibility in case a system collapses, increases the exposure to the legal regulatory risks.

In terms of the European Union, a regulating frame has been developed that is concerned with questions such as electronic (digital) signatures, the distant rendering of financial services, as well as the Directive on electronic commerce.

A customer inadequately informed about his rights and obligations may not take proper precautions in using Internet banking products or services, leading to disputed transactions, unwanted suits against the bank or other regulatory sanctions. In the enthusiasm of enhancing customer service, banks may link their Internet site to other sites also. This may cause legal risk. Fu
