
Managing Risks of Internet Banking

Priam Kasturiratna
2nd National Conference on Information Systems Audit, Control and Governance, 23 & 24 March 2006, Colombo, Sri Lanka

What is Internet Banking?

Use of the Internet as a Remote Delivery Channel for Banking Services

Most Common Services in Internet Banking

- Information on Banking Services
- Account Listings and Inquiry
- Financial Transfer Transactions
- Bill Payment & Presentment
- Recurring Transfers (Standing Orders)
- Cheque Book Ordering
- Stop Payment of Cheques
- Account Statement Ordering
- Opening Accounts (for existing Internet Banking customers)
- Opening a New Customer's First Account


What is the Risk in Internet Banking?

Risks of Internet Banking

An Act or an Event that would have an Adverse Impact on the Internet Banking Customer and/or the Bank

Risk Categories of Internet Banking

1. Strategic Risk
- Business Decisions on Internet Banking
- Improper Implementation of Decisions
- Weak Responsiveness to Industry/Environmental Changes

2. Legal & Regulatory Compliance Risk
- Laws & Regulations, changing conditions
- Contractual Obligations
- Rules/Prescribed Practices in the Banking or Internet Banking Industry
- Ethical Standards


3. Transactional Risk
- Errors and Frauds in Internet Banking
- Failure to maintain Internet Banking Service Levels

4. Marketing & Reputational Risk
- Negative Public Opinion of Internet Banking Services
- Customer Dissatisfaction due to low Service Levels

5. Credit Risk
- Obligor's failure to honour the terms of Credit Facilities granted to Internet Banking customers

6. Exchange Risk
- Asset/Liability values affected by Inter-currency transactions via Internet Banking due to Exchange Rate Fluctuations

7. Interest Rate Risk
- Internet Banking Asset/Liability Management in changing Interest Rate conditions

8. Liquidity Risk
- Problems in meeting obligations due to high volatility of Internet Banking Funds

9. Information Security Risk
- Inadequate or improper Information Security Processes affecting Internet Banking

Risk Categories of Internet Banking (Summary)

1. Strategic Risk
2. Legal & Regulatory Compliance Risk
3. Transactional Risk
4. Marketing & Reputational Risk
5. Credit Risk
6. Exchange Risk
7. Interest Rate Risk
8. Liquidity Risk
9. Information Security Risk

Why talk about making Internet Banking Safer?

- Internet Banking is a popular delivery channel with a growing number of users
- Banks and Customers depend on Internet Banking
- Internet Banking helps to manage our assets

[Chart: Use of Payment Methods in 2004, analysis in Rupees Billions (LKR), for Phone/SMS Banking, Credit Cards, SLIPS and Internet Banking; bar values shown on the chart are LKR 110.0, 60.0, 33.3 and 4.7 billion]
Source: Central Bank of SL Annual Report 2004

Now you are facing a RISK

What are your options?

Risk Management Process

- First identify the Vulnerabilities and the Threats
- Assess the Risk
- Take Countermeasures to Treat the Risk

[Diagram with the elements: Asset Valuation, Threat Assessment, Vulnerability Assessment, Risk Assessment, Control Evaluation, Countermeasures/Risk Treatment, Action Plan, Residual Risk]
Source: IT Governance Institute

Risk Management Options

- Terminate the Risk-generating activity (Internet Banking), OR
- Transfer the Risk
- Treat the Risk
- Accept the Risk

Transferring Internet Banking Risks

Risk Transferring Methods
- Purchase Insurance for specific & assessable Risks (effective when Probability is low and Impact is HIGH)
- Obtain Indemnity Agreements from (outsourced) Service Providers

Risk Transfer Result
- Financial Impact could be covered
- Legal Responsibility would still exist

Treatment & Mitigation of Internet Banking Risks

1. Strategies: Business or Marketing Decisions
- Facilities to existing customers ONLY
- Limit access only to local currency accounts
- New customers can open Deposit Accounts without visiting a branch
- Inter-currency transfers facilitated 24x7

2. Policies, Standards, Processes & Procedures: Integrating Risk Mitigation Activities into the Lifecycle
- Registration of new customers
- Requests/Issues/Disputes Management
- Managing Customer Service Standards
- Transaction/Activity Monitoring
- Periodic and/or Concurrent Auditing
- Change Management Processes

3. Contractual Relationships
- Internet Banking User Agreements
- Service Level Agreements: Software/Hardware Systems or Support; Communication Service Providers; Security Service Providers/Support
- Outsourced Activities: Data Processing; Physical Security Services; Courier Services

4. Security Implementations
- Firewalls
- Secure Socket Layer (SSL)
- Secure ID
- Intrusion Detection Systems (IDS)
- Virus Protection

5. Restrictions & Controls

User Authentication
- Sign-on level authentication
- Transaction level authentication

Password Management
- Minimum Length
- Combination of numeric, alphabetic and special (~!*(@#$%^) characters
- Validity period & forced change on expiry
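A password-policy check implementing the three rules above (minimum length, character mix, validity period with forced change on expiry), added here as an illustration and not taken from the presentation. The special-character set is the one listed on the slide; the numeric policy values and the small denylist of common passwords are assumptions.

```python
from datetime import date, timedelta

# Policy parameters are assumptions for illustration: the slide names the
# rule types (minimum length, character mix, validity period) but no values.
MIN_LENGTH = 8
VALIDITY_DAYS = 90
SPECIALS = set("~!*(@#$%^")                              # special characters listed on the slide
COMMON_PASSWORDS = {"password", "12345678", "welcome1"}  # constructed sample denylist


def check_password(candidate: str) -> list[str]:
    """Return the policy violations for a proposed password (empty list = compliant)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numeric character")
    if not any(c.isalpha() for c in candidate):
        problems.append("no alphabetic character")
    if not any(c in SPECIALS for c in candidate):
        problems.append("no special character from the allowed set")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("common or predictable password")
    return problems


def sign_on_decision(today: str, last_changed: str) -> str:
    """Validity-period rule: force a change once the password has expired (ISO dates)."""
    age = date.fromisoformat(today) - date.fromisoformat(last_changed)
    return "force_change" if age >= timedelta(days=VALIDITY_DAYS) else "allow"


if __name__ == "__main__":
    print(check_password("Colombo2006!"))                # []
    print(check_password("password"))                    # three violations
    print(sign_on_decision("2006-03-24", "2005-12-01"))  # force_change
```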

5. Restrictions & Controls (continued)

Transaction Value based Limits
- Cumulative Limits (Daily/Weekly etc.)
- Customer Specific Limits
- Currency Specific Limits

Inter-Currency Transaction Restrictions
- Transactions restricted to Local Currency

Pre-registration of Payees

Restrictions on 3rd Party Transfers

Offline Only Requests
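A transfer guard that applies the controls listed above (customer-specific single-transaction limit, cumulative daily limit, local-currency restriction, and third-party transfers only to pre-registered payees) to a run of transfer requests. This is an added example, not code from the presentation; the customer profile, account numbers and amounts are constructed.

```python
from collections import defaultdict, namedtuple
from dataclasses import dataclass

Transfer = namedtuple("Transfer", "customer day to_account currency amount")

@dataclass
class CustomerControls:
    # Per-customer control profile; all values are constructed for illustration.
    home_currency: str
    own_accounts: set[str]          # the customer's own account numbers
    registered_payees: set[str]     # pre-registered third-party payee accounts
    per_txn_limit: float            # customer-specific single-transaction limit
    daily_limit: float              # cumulative daily limit
    foreign_currency_allowed: bool = False

class TransferGuard:
    """Applies the slide's limits and restrictions; remembers approved daily totals."""
    def __init__(self, controls: dict[str, CustomerControls]):
        self.controls = controls
        self.daily_totals = defaultdict(float)   # (customer, day) -> amount approved

    def evaluate(self, t: Transfer) -> str:
        c = self.controls[t.customer]
        if t.currency != c.home_currency and not c.foreign_currency_allowed:
            return "refused: transactions restricted to local currency"
        # Third-party transfers go only to payees the customer pre-registered
        if t.to_account not in c.own_accounts and t.to_account not in c.registered_payees:
            return "refused: payee not pre-registered"
        if t.amount > c.per_txn_limit:
            return "refused: exceeds per-transaction limit"
        key = (t.customer, t.day)
        if self.daily_totals[key] + t.amount > c.daily_limit:
            return "refused: exceeds cumulative daily limit"
        self.daily_totals[key] += t.amount
        return "approved"

def run_sample() -> list[str]:
    """Constructed sample: one customer submitting six transfers on one day."""
    guard = TransferGuard({"C001": CustomerControls(
        "LKR", {"100-1", "100-2"}, {"200-9"}, per_txn_limit=50_000, daily_limit=80_000)})
    transfers = [
        Transfer("C001", "2006-03-23", "100-2", "LKR", 30_000),   # own account
        Transfer("C001", "2006-03-23", "200-9", "LKR", 60_000),   # over the 50k single limit
        Transfer("C001", "2006-03-23", "200-9", "LKR", 40_000),   # registered payee, day total 70k
        Transfer("C001", "2006-03-23", "200-9", "LKR", 20_000),   # would take the day past 80k
        Transfer("C001", "2006-03-23", "300-5", "LKR", 1_000),    # payee not registered
        Transfer("C001", "2006-03-23", "100-2", "USD", 100),      # foreign currency
    ]
    return [guard.evaluate(t) for t in transfers]
```

Refused transfers are not counted towards the daily total, so a rejected request cannot consume the customer's remaining limit.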

5. Restrictions & Controls (Business Clients)

Entry & Authorisation of Transactions
- One User to Enter, a Higher Level User to Authorise

Use of Authority Levels & Profiles
- Inquiry Only Users
- Transaction Entry Profile & Authorisation Profile
- Business Requirement Specific Profiles: Users with only Trade Finance Options; Users with access to a specific Account/s
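A maker-checker workflow with authority levels and profiles as described above: inquiry-only users cannot enter transactions, the authoriser must be a different user of a higher level, and an account-restricted profile limits both entry and authorisation to its accounts. Added example, not from the presentation; the user names, levels and account identifiers are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class UserProfile:
    # Authority level: higher number = higher authority. accounts=None means
    # every account of the business client; a set restricts the user to those.
    user_id: str
    level: int
    can_enter: bool = False        # transaction entry profile
    can_authorise: bool = False    # authorisation profile
    accounts: set[str] | None = None

class MakerChecker:
    def __init__(self, profiles: list[UserProfile]):
        self.profiles = {p.user_id: p for p in profiles}
        self.pending = {}      # txn_id -> (account, amount, entered_by)

    def enter(self, user_id: str, txn_id: str, account: str, amount: float) -> str:
        p = self.profiles[user_id]
        if not p.can_enter:
            return "refused: inquiry-only profile"
        if p.accounts is not None and account not in p.accounts:
            return "refused: account outside user's profile"
        self.pending[txn_id] = (account, amount, user_id)
        return "entered"

    def authorise(self, user_id: str, txn_id: str) -> str:
        p = self.profiles[user_id]
        if txn_id not in self.pending:
            return "refused: no such pending transaction"
        account, _amount, entered_by = self.pending[txn_id]
        if not p.can_authorise:
            return "refused: no authorisation profile"
        if user_id == entered_by:
            return "refused: the entering user cannot authorise"
        if p.level <= self.profiles[entered_by].level:
            return "refused: authoriser must be of a higher level"
        if p.accounts is not None and account not in p.accounts:
            return "refused: account outside user's profile"
        del self.pending[txn_id]       # leaves the pending queue once authorised
        return "authorised"

# Constructed sample profiles for one business client (not from the slides)
SAMPLE = MakerChecker([
    UserProfile("viewer", 1),                                    # inquiry only
    UserProfile("clerk", 1, can_enter=True, accounts={"A1"}),    # entry, one account
    UserProfile("manager", 2, can_authorise=True),               # authorises any account
])
```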

6. Internet Banking Admin. Training
- Systems & Application expertise
- Security Technology expertise (Firewalls, IDS)
- Operational & Backup procedures
- Help Desk Services Management
- Risk Management
- Incident Identification & Response: Malicious Code attacks; Unauthorised access or Misuse; Denial or Disruption of Service; Surveillance & Espionage; Hoaxes or Social Engineering; Periodic Simulations & Rehearsals
- Knowledge sharing within the industry

6. Internet Banking User Training/Education

Password Management
- Predictable or Common Passwords
- Divulging passwords to others
- Saving User ID/Password on PC/Laptop

Sign-on/off habits
- Signing off before leaving the terminal
- Minimising (or never) using Public Terminals to access Internet Banking

Vigilance, Care & Good Financial Management habits
- Periodic Reconciliation of Accounts
- Immediate notification of errors to the Bank

Good Faith
- Intended use of Services in the intended manner
- Prompt notification of errors or irregularities to the Bank

Awareness & keeping updated on possible Risks and Technology Trends
- Keystroke Recording
- Hidden Cameras
- Social Engineering

7. Business Continuity Planning
- Not ONLY a Disaster Recovery Centre
- A living plan based on Business Impact
- Administered & Coordinated BCP/DRC Team and Responsibilities
- Hardware, Communication & other Systems
- Processes & Procedures
- Training & Rehearsals

Risk Management in Internet Banking: A Summary

- Identified what today's Internet Banking is
- How various Risk Elements adversely affect Internet Banking
- Discussed traditional and new Risk Management Techniques available to Banks & Customers for Internet Banking Risk Mitigation

What is successful Risk Management in Internet Banking? - Conclusions

- Risk is a part of the Internet Banking Business
- Assess the Risk Profile of your Internet Banking Organization
- Determine the Acceptable Level of Risk
- Find the Correct Blend of Techniques considering the Risk Profile, Impact & Cost of Risk Treatment Techniques
- Implement, and Accept the Residual Risk
- Evaluate Results, improve capabilities
- Continue Risk Management as a part of the Internet Banking Business

Discussion

Thank you
