Compliance and risk management in ebanking

  • Compliance and risk management in ebanking

    January 2016

    H. Van de Vyver

  • Compliance and risk management

    19 January 2016

    Risk management

    Fourteen principles for sound risk management

    Cross border issues

    Risk policy

    Laws and legislation, a way to tackle risks?

    Compliance

  • Risk Management

    Technology and infrastructure

    Security

    Data integrity

    System reliability

    Internal controls-audits

    Outsourcing

    Types of risk (1)

  • Risk Management

    Types of risk (2)

    Reputational risk

    Legal risk

    Other traditional risks

    Credit

    Liquidity

    Market

    Foreign exchange

  • Risk Management

    Credit

    Liquidity

  • Risk Management

    Tools

    Support and oversight by the board of directors

    Supervisory staff

    technological knowledge

    appropriate technological skills

    Technical training of staff

    Recruit outside expertise

    http://www.isaca.org/Journal/Past-Issues/2001/Volume-6/Pages/Risk-Management-for-Internet-Banking.aspx

  • Fourteen principles

    A) Board and management oversight

    Effective oversight of e-banking activities

    Establishment of a comprehensive control process

    Comprehensive due diligence and management oversight process for outsourcing relationships and other third party dependencies

    Source: Basel Committee on Banking Supervision, Risk management Principles for Electronic Banking

  • Fourteen principles

    B) Security controls

    Authentication of e-banking customers

    Non-repudiation and accountability for e-banking transactions

    Appropriate measures to ensure segregation of duties

    Proper authorisation controls within e-banking systems, databases and applications

    Data integrity of e-banking transactions, records and information

    Establishment of clear audit trails for e-banking transactions

    Confidentiality of key bank information

    Source: Basel Committee on Banking Supervision, Risk management Principles for Electronic Banking

  • Fourteen principles

    C) Legal and reputational risk management

    Appropriate disclosures for e-banking services

    Privacy of customer information

    Capacity, business continuity and contingency planning to ensure availability of e-banking systems and services.

    Incident response planning

    Source: Basel Committee on Banking Supervision, Risk management Principles for Electronic Banking

  • Cross border issues

    Technology expanding the virtual geographical reach of banks and customers

    No need of physical expansion

    Interconnected networks

    -> countries not licensed or supervised

    Banking and non-banking activities

    Different jurisdictions

  • Cross border issues

    Existing regulation, laws, controls etc apply to e-banking

    Banks mostly refrain from cross border activities in e-banking

    -> Addition of e-banking to existing Brick and Mortar

  • Cross border issues

    Three challenges

    1. E-banking spans geographic borders

    -> call into question regulations and juridical requirements

    2. Foreign competitors conduct nearly identical activities: restrictive approach

    3. Uncertainty during the period of construction of legal infrastructure

  • Cross border issues

    The in-out scenario

    (bank in country, customers outside country)

    Home country responsible for laws on consolidated basis

    Same regulations and controls within home country

    Host approaches home country supervisor

  • Cross border issues

    The out-in scenario

    (outside country bank, in country clients)

    Physically foreign bank, access to payment in local market

    Host supervisor checks if he needs some additional license

    Danger of lack of jurisdiction in host country

  • Cross border issues

    Positive notes

    Cheaper and less risky operations

    Resources in home country (easily switch from one foreign market to another)

    Objective of reaping economies of scale

    Critical notes

    Hard to build trust

    Less familiar with market conditions

  • Risk Policy

    Source: Deloitte.com

  • Risk Policy

    Assess risks

    Control risks

    Monitor risks

    Integrate in overall risk management

    Supervisory staff

    Technical training

    Outside expertise

  • Risk management

    hdpaperwall.com

  • Case study Estonian Banks

    Source: Deloitte.com

  • Legislation

    Introduction Europe Others International

  • Legislation

    Europe: Directive on prospectuses

    Date: May 2001

    Objectives:

    create a single passport for issuers offering securities to the public

    available on the website or in electronic format

    http://ec.europa.eu/internal_market/accounting/legal_framework/prospectus_directive/original_text_en.htm

  • Legislation

    Europe: Personal Data protection Act

    Directive 95-46-EC

    Objectives:

    Free movement of personal data

    Rules for the state, companies and individuals

    Appropriate level of protection

    http://ec.europa.eu/justice/data-protection/

  • Legislation

    Europe: Directive on e-money institutions

    Directive 2000-46-EC; 18th September 2000

    Objectives:

    Promote consumer confidence in the use of e-money

    Establish regulatory framework for electronic money institutions

  • Legislation

    Europe: Directive on e-security

    Date: 6th June 2001

    Objective: ensure confidentiality and accessibility of networks and information

    http://ec.europa.eu/digital-agenda/en/news/commission-proposal-directive-concerning-measures-ensure-high-common-level-network-and

  • Legislation

    Europe: Electronic signature act

    Directive 1999-93-EC

    Objective: Legal framework and technical conditions for electronic signature

    http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1414248022776&uri=CELEX:32014R0910

  • Legislation

    Europe: Directive on traffic data retention

    http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910&qid=1414248022776&from=EN

  • Legislation

    Europe

    Distance selling of financial services

    Mutual recognition of the banking licence/prudential supervision

    http://ec.europa.eu/consumers/financial_services/distance_marketing/index_en.htm

  • Legislation

    International

    Convention on cybercrime

    Date: 23rd November 2001

    Objective:

    International response and coordination to challenge cybercrime and cyberterrorism

  • Legislation

    http://www.oecd-ilibrary.org/science-and-technology/consumer-policy-guidance-on-mobile-and-online-payments_5jz432cl1ns7-en

  • Legislation

    hdpaperwall.com

  • Compliance

    Major Compliance Issues

    Anti-money laundering

    Know your customer (KYC)

    Suspicious activities

    Privacy of customer information

    Information disclosures

    Customer education

  • Compliance

    Major Compliance Issues

    International directives (Basel) Day to day implication in decisions

    Strategical Tactical

    Organisation Internal External

    Privacy of customer information

    Legislation

    Use of info (marketing)

    Request permission

    Storage and security

    National and international differences
