Compliance and risk management in ebanking
January 2016
H. Van de Vyver
Compliance and risk management
19 January 2016
Risk management
Fourteen principles for a sound risk management
Cross border issues
Risk policy
Laws and legislation, a way to tackle risks?
Compliance
Risk Management
Types of risk (1)
Technology and infrastructure
Security
Data integrity
System reliability
Internal controls and audits
Outsourcing
Types of risk (2)
Reputational risk
Legal risk
Other traditional risks
Credit
Liquidity
Market
Foreign exchange
Tools
Support and oversight by the board of directors
Supervisory staff
technological knowledge
appropriate technological skills
Technical training of staff
Recruit outside expertise
Source: http://www.isaca.org/Journal/Past-Issues/2001/Volume-6/Pages/Risk-Management-for-Internet-Banking.aspx
Fourteen principles
A) Board and management oversight
Effective oversight of e-banking activities
Establishment of a comprehensive control process
Comprehensive due diligence and management oversight process for outsourcing relationships and other third party dependencies
Source: Basel Committee on Banking Supervision, Risk Management Principles for Electronic Banking
B) Security controls
Authentication of e-banking customers
Non-repudiation and accountability for e-banking transactions
Appropriate measures to ensure segregation of duties
Proper authorisation controls within e-banking systems, databases and applications
Data integrity of e-banking transactions, records and information
Establishment of clear audit trails for e-banking transactions
Confidentiality of key bank information
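Several of the controls listed under B) are techniques rather than policy statements: segregation of duties, authorisation controls, data integrity and audit trails can all be enforced in code. The Python below is an added example, not code from the slides or from the Basel Committee text; the user directory, the per-role approval limits, the transaction identifiers and the account numbers are all constructed for illustration. It implements a maker/checker approval flow (the submitter of a transfer may never approve it, and the approver's role must cover the amount) on top of a hash-chained, append-only audit trail, so that any later edit to a logged transaction is detected and the first altered entry is located. Non-repudiation, the second principle on the slide, requires a signature made with a key that only the customer holds; a hash chain kept by the bank does not provide it, and this example does not implement it.

```python
"""Maker/checker authorisation over a tamper-evident audit trail.

Added example (standard library only). USERS, APPROVAL_LIMIT, the
transaction ids and the account numbers are hypothetical values
constructed for this demonstration.
"""
import hashlib
import json

GENESIS_HASH = "0" * 64

# Constructed user directory; the role drives the authorisation checks.
USERS = {
    "alice": {"role": "clerk"},
    "bob": {"role": "clerk"},
    "carol": {"role": "supervisor"},
}
# Hypothetical policy: the largest amount each role may approve.
APPROVAL_LIMIT = {"clerk": 10_000, "supervisor": 100_000}


def canonical(obj) -> bytes:
    """Deterministic serialisation so an identical record always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class AuditTrail:
    """Append-only log where every entry commits to the hash of the previous one.

    Editing, reordering or deleting any earlier entry changes its hash, which
    no longer matches the 'prev' field of the entry that follows it.
    """

    def __init__(self):
        self.entries = []

    def append(self, actor: str, action: str, detail: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        body = {"seq": len(self.entries), "prev": prev,
                "actor": actor, "action": action, "detail": detail}
        entry = dict(body, hash=hashlib.sha256(canonical(body)).hexdigest())
        self.entries.append(entry)
        return entry

    def verify(self) -> int:
        """Return -1 if the chain is intact, otherwise the seq of the first bad entry."""
        prev = GENESIS_HASH
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            recomputed = hashlib.sha256(canonical(body)).hexdigest()
            if e["seq"] != i or e["prev"] != prev or recomputed != e["hash"]:
                return i
            prev = e["hash"]
        return -1


class TransferService:
    """Two-person rule for outgoing transfers, with every decision logged."""

    def __init__(self, trail: AuditTrail):
        self.trail = trail
        self.pending = {}
        self.executed = []

    def submit(self, maker: str, tx_id: str, amount: int, to_account: str) -> None:
        if maker not in USERS:
            raise PermissionError(f"unknown user {maker}")
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.pending[tx_id] = {"maker": maker, "amount": amount, "to": to_account}
        self.trail.append(maker, "submit",
                          {"tx_id": tx_id, "amount": amount, "to": to_account})

    def approve(self, checker: str, tx_id: str) -> bool:
        tx = self.pending.get(tx_id)
        if tx is None:
            raise KeyError(tx_id)
        role = USERS.get(checker, {}).get("role")
        # Segregation of duties: the person who submitted may not approve.
        if checker == tx["maker"]:
            self.trail.append(checker, "reject", {"tx_id": tx_id, "reason": "maker is checker"})
            return False
        # Authorisation control: the checker's role must cover the amount.
        if role is None or tx["amount"] > APPROVAL_LIMIT[role]:
            self.trail.append(checker, "reject", {"tx_id": tx_id, "reason": "over role limit"})
            return False
        self.executed.append(dict(tx, tx_id=tx_id, checker=checker))
        del self.pending[tx_id]
        self.trail.append(checker, "approve", {"tx_id": tx_id})
        return True


def demo():
    """Run the workflow on constructed transfers, then tamper with the trail."""
    trail = AuditTrail()
    svc = TransferService(trail)
    svc.submit("alice", "T1", 5_000, "BE00 0000 0000 0000")
    self_approve = svc.approve("alice", "T1")   # rejected: same person
    ok_small = svc.approve("bob", "T1")         # approved: clerk within limit
    svc.submit("alice", "T2", 50_000, "BE00 0000 0000 0001")
    clerk_big = svc.approve("bob", "T2")        # rejected: above clerk limit
    svc.approve("carol", "T2")                  # approved: supervisor
    intact = trail.verify()                     # -1, chain is consistent
    # An insider rewrites the amount in the first logged record.
    trail.entries[0]["detail"]["amount"] = 50
    first_bad = trail.verify()                  # 0, the edited entry
    return self_approve, ok_small, clerk_big, intact, first_bad


if __name__ == "__main__":
    print(demo())
```

The chain only proves that the log was not altered after the fact; it does not prove who wrote an entry. In practice the trail is written to storage the application accounts cannot modify, and each entry (or a periodic checkpoint of the latest hash) is signed or anchored outside the system that produced it, so that an administrator cannot simply rebuild the whole chain.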
C) Legal and reputational risk management
Appropriate disclosures for e-banking services
Privacy of customer information
Capacity, business continuity and contingency planning to ensure availability of e-banking systems and services
Incident response planning
Cross border issues
Technology expands the virtual geographical reach of banks and customers
No need for physical expansion
Interconnected networks
-> customers reached in countries where the bank is not licensed or supervised
Banking and non-banking activities
Different jurisdictions
Existing regulation, laws, controls etc. apply to e-banking
Banks mostly refrain from cross border activities in e-banking
-> e-banking is added to the existing brick-and-mortar business
Three challenges
1. E-banking spans geographic borders
-> calls regulations and legal requirements into question
2. Foreign competitors conduct nearly identical activities: restrictive approach
3. Uncertainty during the period in which the legal infrastructure is being built
The in-out scenario
(bank in the country, customers outside the country)
Home country responsible for supervision on a consolidated basis
Same regulations and controls as within the home country
Host supervisor approaches the home country supervisor
The out-in scenario
(bank outside the country, clients in the country)
Physically foreign bank with access to payments in the local market
Host supervisor checks whether an additional licence is needed
Danger of lack of jurisdiction in the host country
Positive notes
Cheaper and less risky operations
Resources stay in the home country (easy to switch from one foreign market to another)
Objective of reaping economies of scale
Critical notes
Hard to build trust
Less familiar with market conditions
Risk Policy
Figure (source: Deloitte.com)
Assess risks
Control risks
Monitor risks
Integrate into overall risk management
Supervisory staff
Technical training
Outside expertise
Case study: Estonian banks
Figure (source: Deloitte.com)
Legislation
Introduction
Europe
Others
International
Europe: Directive on prospectuses
Date: May 2001
Objectives:
create a single passport for issuers offering securities to the public
prospectus available on the website or in electronic format
http://ec.europa.eu/internal_market/accounting/legal_framework/prospectus_directive/original_text_en.htm
Europe: Personal data protection
Directive 95/46/EC
Objectives:
Free movement of personal data
Rules for the state, companies and individuals
Appropriate level of protection
http://ec.europa.eu/justice/data-protection/
Europe: Directive on e-money institutions
Directive 2000/46/EC, 18 September 2000
Objectives:
Promote consumer confidence in the use of e-money
Establish a regulatory framework for electronic money institutions
Europe: Directive on e-security (network and information security)
Date: 6 June 2001
Objective: ensure the confidentiality and availability of networks and information
http://ec.europa.eu/digital-agenda/en/news/commission-proposal-directive-concerning-measures-ensure-high-common-level-network-and
Europe: Electronic signature act
Directive 1999/93/EC
Objective: legal framework and technical conditions for electronic signatures
http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1414248022776&uri=CELEX:32014R0910
(the link is to Regulation (EU) No 910/2014, eIDAS, which replaced Directive 1999/93/EC)
Europe: Directive on traffic data retention
Directive 2006/24/EC (declared invalid by the Court of Justice of the EU in 2014)
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910&qid=1414248022776&from=EN
(the link given on the slide is again the eIDAS regulation text, not the retention directive)
Europe
Distance selling of financial services
Mutual recognition of the banking licence and of prudential supervision
http://ec.europa.eu/consumers/financial_services/distance_marketing/index_en.htm
International
Convention on Cybercrime
Date: 23 November 2001
Objective:
International response and coordination to counter cybercrime and cyberterrorism
OECD: Consumer Policy Guidance on Mobile and Online Payments
http://www.oecd-ilibrary.org/science-and-technology/consumer-policy-guidance-on-mobile-and-online-payments_5jz432cl1ns7-en
Compliance
Major compliance issues
Anti-money laundering
Know your customer (KYC)
Suspicious activities
Privacy of customer information
Information disclosures
Customer education
Major compliance issues
• International directives (Basel)
• Day-to-day implications for decisions
  • Strategic
  • Tactical
• Organisation
  • Internal
  • External
Privacy of customer information
Legislation
Use of information (marketing)
Request permission
Storage and security
National and international differences
World wide web vs. banking regulation
Know your customer (KYC)
Legal obligation
Operational impacts
Benefits
Costs
Organisation
Internal
External
• Suspicious activities
• Anti-money laundering
• Fraud
• Terrorism
• Black/grey/white
Information disclosures
• Global rule
• Exceptions
  • Fraud
  • Tax authorities
  • International conventions
• Levels of disclosure
  • Person related
  • Transaction related
Customer education
General conditions
Training
Explain
Feedback
Improve
The customer is the weak link in the chain