Risks of electronic banking operations
12/7/2018 12:00 am
Ali Al Waili
With the expansion of financial operations in Iraq through public banks, the growth of Islamic banks and the adoption of electronic banking systems, it has become necessary to examine the risks of these operations in our economy, which is pursuing large-scale construction and reconstruction that require sophisticated banking services.
First: the sources of risk for electronic payments
As banking operations become technology-based in all their activities, the risks of e-banking are emerging as the most important risks faced by banks. The risks of e-banking have several sources:
1. Banks depend on third parties, contracted by the bank to manage the technological infrastructure that supports electronic banking systems, and the bank's systems are linked to those third-party systems. Banks may therefore be exposed to high operational risk if the electronic banking systems are not fully integrated. These systems should be properly monitored and controlled, and the regulatory authorities should have a role in assessing the extent to which the bank is able to control them, in order to avoid this risk or reduce the chances of exposure.
2. Assigning some internal work to external parties may expose the bank to systemic repercussions if one of these providers runs into a problem. The bank's growing reliance on a large number of external service providers, and the support process when one or more of them has a defect, may expose banks to financial, legal and reputational risks, and to additional risks associated with confidentiality.
3. A second source concerns security and protection, since electronic distribution channels are open. Banks should ensure the confidentiality and integrity of information, verify customers' identity and their legitimacy for bank accounts, and control the access of legitimate customers to their accounts, in order to avoid fraud, deception and illegal penetration over the Internet into the accounts of the original customers.
Therefore, the banking departments should develop their internal systems in accordance with the applicable international standards and rules, and establish appropriate protection systems to ensure the identity of customers and the legitimacy of prevention P, encryption and others.
4. The Bank is likely to be exposed to reputational risk in the event that online banking is not provided in accordance with the criteria of safety, confidentiality, accuracy, timeliness, continuity and immediate response to the needs and requirements of the customers.
Therefore, in order to protect the bank from any negative situations that may damage its reputation, it must develop and monitor performance standards for e-banking activities. New threats have also emerged, namely e-terrorism, because of their significant negative impact on banking performance and the risk of financing terrorist operations in the world.
Therefore, the foundations and studies needed to combat these risks must be established in order to ensure the protection and safety of banking operations.
5. One of the main risks of e-banking operations is the lack of a good Internet service for the provision of electronic banking products and services. Therefore, the bank should provide alternative backup means to distribute services in the event of a certain defect in the Internet.
Second: Procedures for managing the risks of electronic payments
These procedures are sound policies and practices for information security management and its role in developing a quality-assured e-security system, through continuous monitoring of the integration of information and its use by the banks' risk management systems.
1. Information security regulators should develop a comprehensive approach to managing the risks associated with internal and external protection systems. These relate to the integrity of information, which protects the banking system as a whole, and the approach should improve the ability to intervene internally and externally to effectively manage relationships with customers, banks and other external service providers.
2. Banks should have the policies, practices and procedures required to monitor electronic payments, ensure that the system of monitoring loss events caused by large lines of business is maintained and that exposure to such risks is compromised. Banks should also assess the cost and return of electronic banking operations in general.
The element of confidentiality and accuracy
3. The bank must pay attention to the efficiency of external service providers, the adequacy of the contracts signed with them and the soundness of their terms. These contracts focus on the confidentiality and accuracy of the collection and use of customer information by third parties, and on information security in light of rapid technological development in general. The most important terms of these contracts include:
• Signing the contract substantively by the commissioners at the bank and suppliers.
• Verification of the items mentioned in the contract and the amounts and penalties.
• Ensure that the legal department approves the contract.
• Verify that the contract is renewed, based on the needs of the bank, on time and before its validity expires.
• Verification of non-renewal of contracts for unutilized systems.
• Check for approvals according to the terms of reference when recommending payment of bills.
4. The bank needs effective internal control and auditing systems, and must activate their role in finding and correcting errors, protecting the bank's information and assets, detecting fraud, and identifying the causes of these errors, whose sources are both internal and external.
5. Ensure that all security and protection standards are applied when inspecting the alternative site, and that staff are equipped to take part in the business continuity plan in case of disasters.
6. Verify that the department does not grant access to server rooms unless authorized by access cards, and review the access door logs.
7. The departments and divisions involved in electronic financial operations at the bank must provide periodic statistical reports on the nature of the technological and financial problems faced by the bank and its customers. Security events should be reported through clear channels of communication as soon as possible, and all employees and external suppliers should be aware of their responsibility to report these events. Clear reporting procedures should be drawn up to include:
1. Approved forms to be filled in, which help the reporting officer make the report comprehensive of all requirements and information.
2. The report should contain the necessary details.
5. Individuals should not take decisions on their own; the decision-makers should be informed and the procedures implemented.
Third: Recommendations of the Basel Committee
In 2001 the Basel Committee on Banking Supervision set out some principles for managing operational risk, in addition to what was mentioned above, along several axes, the most important of which are:
1. The Board of Directors should be aware of the Bank's core operational risk elements and deal with them as a separate group to be monitored.
The Bank's Operational Risk Strategy should be periodically reviewed and adopted.
The strategy should reflect the bank's ability to overcome the evolving operational risks of this risk category. The Board is also responsible for adopting the basic form of the overall operational risk management framework, and for human resource development and training.
2. The senior management should take responsibility for implementing the operational risk strategy approved by the Board of Directors and apply this strategy in a manner consistent with the Bank's bylaws. Employees should have an understanding of their responsibility for operational risk management.
Senior management must also take responsibility for developing the policies, practices and steps required to manage operational risk, to be applied to all bank products, activities, processes and systems at all levels.
3. Information must be available within the banking institution when needed, and a spirit of cooperation should be fostered to create the right climate for managing operational risk in the bank, by developing communication systems across its different sectors. Account must be taken of the objectivity and importance of the periodic reports that help senior management monitor the efficiency of the operational risk management system.
4. The Board of Directors also has a supervisory role in monitoring the performance of e-financial departments, in order to identify the risks of self-employment in all types of products and activities, as well as processes and systems. The risks of self-employment are taken into consideration through appropriate evaluation steps before any new products and systems.
Pending the establishment of specific risk management standards, the bank will be required to meet the challenge of establishing effective controls to ensure the accuracy and integrity of the information obtained and transferred, identifying the procedures required to measure these risks, and developing staff skills through merit criteria and periodic evaluation, as well as staff participation in specialized vocational training programs to keep pace with the developments of modern technology.
E-risk, cybercrime and e-payment are all coming to the fore through dealing with electronic financial operations, and will continue to be key issues in the future.