1 / 29

Séminaire d’initiation La banque à distance- Internet banking law

Séminaire d’initiation La banque à distance- Internet banking law. Etienne Wéry Attorney at law at the Brussels and Paris Bars etienne.wery@ulys.net ULYS law firm www.ulys.net. Introduction. Séminaire - 6 modules : Notions et mutations/convergences du secteur : features (I)

artie
Download Presentation

Séminaire d’initiation La banque à distance- Internet banking law

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Séminaire d’initiation La banque à distance- Internet banking law Etienne Wéry Attorney at law at the Brussels and Paris Bars etienne.wery@ulys.net ULYS law firm www.ulys.net

  2. Introduction • Séminaire - 6 modules : • Notions et mutations/convergences du secteur : features (I) • Obligations d’information: Know your customer- Anti-money laundering and the financing of terrorism-Special liabilities (II) • Securité/security : internet fraud (III) • Services financiers par internet et e-payments (IV) • Contrats : Study case (V) • Synthèse de droit européen (VI)

  3. Module I Notions et mutations/convergences du secteur : features

  4. Notions • Internet banking refers to the use of the Internet as a remote delivery channel for banking services: • services include the traditional ones, such as opening an account or transferring funds to different accounts, and new banking services, such as electronic online payments (allowing customers to receive and pay bills on bank’s web site) or financial transactions (acquisition, transfer, sale of securities etc.). • Characteristics of Internet banking include • the unprecedented speed of change related to technological and customer service innovation • the ubiquitous and global nature of the Internet • the integration of Internet banking applications with legacy computer systems, and • the increasing dependence of banks on third parties that provide the necessary information technology.

  5. Notions (2) • A bank can perform Internet activities in one or more of the following ways : • Informational: this is the basic level of Internet banking, marketing information about the bank’s products and services on a stand-alone server • Communicative : this type of Internet banking system allows some interaction between the bank’s systems and the customer (electronic mail, account inquiry, loan applications or static file updates (name and address changes)) • Transactional : this level of Internet banking allows customers to directly execute transactions with financial implications : • basic transactional site only allows a transfer of funds between the accounts of one customer and the bank • advanced transactional site provides a means for generating payments directly to third parties outside of the bank

  6. Risks Risks associated with Internet banking • Consistency of technology • Compliance with corporate policies and legal requirements • Data and service availability, including business recovery planning • Data integrity, including providing for safeguarding of assets, proper authorisation of transactions and reliability of the data flow • Data confidentiality and privacy standards, including controls over access by both employees and customers

  7. Risks (2) Security risks associated with Internet banking • Customer security practices / Authentication of customers • Nonrepudiation and accountability of transactions • Segregation of duties • Authorisation controls within systems, databases and applications • Internal or external fraud (See module III) • Data integrity of transactions, databases and records • Audit trails for transactions • Confidentiality of data during transmission • Third-party security risk

  8. Mutations/Convergences • The number of customers who choose online banking as their preferred method of dealing with their finances is growing rapidly. • The day may come when cash will be obsolete. • “Phénomène de convergence” • For instance, banking via cellphone or PDA as the next option seemed impossible, but technology has already proved the skeptics wrong.

  9. Module II Obligations d’information Know your customer- Anti-money laundering and the financing of terrorism – special liabilities

  10. Know your customer • Due diligence or enhanced due diligence (EDD) to identify the clients and ascertain relevant information pertinent to doing financial business with them • Committee on Banking Regulations and Supervisory Practices of the G 10 : The Basle Statement of Principles covers all aspects of laundering through the banking system. • Customer Identification - "Know your Customer" (KYC). • Financial Action Task Force on Money Laundering (FATF) of G-7

  11. Anti-money laundering • All financial firms must demonstrate effective money laundering procedures • To be compliant firms must provide sufficient “Customer Information” to prove customer identity for both new and existing clients as follows: • > Customer ID –electronic ID (who are they) • > Risk Assessment (country of origin, any political affiliation, movement of funds, etc) • > Validification (on any black lists) • > Existing customers need to be monitored in terms of their transactional behaviour

  12. Combating the financing of terrorism • Money laundering is the process where cash raised from criminal activities is made to look legitimate for re-integration into the financial system, whereas terrorist financing cares little about the source of the funds, but it is what the funds are to be used for that defines its scope. • International Convention for the Suppression of the Financing of Terrorism (UN 1999) • US Patriot Act • European Regulation (EC) of 27 December 2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism • United Nations Resolution (sanction and freezing of assets of terrorists) and Recommandations • Groupe d’action financière sur le blanchiment des capitaux (GAFI)

  13. Liabilities Some specific legal issues related to secure electronic banking • General duty of care in case of a professional service provider in the financial sector • role of service level agreements with key suppliers-outsourcing, industry standards and best practices • Basel Committee presented a document 'Risk Management Principles for Electronic Banking' (risk management principles and sound practices) • Liability under Electronic Transfer of Funds legislations • Impact of possible application of consumer legislation. • Legal security obligations in case of personal data processing • Legal security obligation for publicly available communications services • US Sarbanes Oxley Act (“SOX”)

  14. Module III Securité/security : internet fraud

  15. Securité/security : internet fraud • Protection through passwordauthentication not secure enough for personal online banking applications • Online banking user interfaces are secure sites generally employing the https protocol and traffic of all information - including the password - is encrypted : reduces possibility for a third party to obtain or modify information after it is sent. • Encryption alone does not rule out the possibility of hackers gaining access to vulnerable home PCs and intercepting the password as it is typed in (keystroke logging); danger of password cracking and physical theft of passwords written down by careless users.

  16. Internet fraud • Second layer of security • use of transaction numbers or TANs (single use passwords) • use of two passwords, only random parts of which are entered at the start of every online banking session; • providing customers with security token devices capable of generating single use passwords unique to the customer's token (the two-factor authentication or 2FA); • using digital certificates, which digitally sign or authenticate the transactions, by linking them to the physical device (e.g. computer, mobile phone, etc). • Setting up a combination of controls that recognize a customer's computer, ask additional challenge questions for risky behavior, and monitor for fraudulent behavior. • Increasingly criminal practice to gain access to a user's finances is phishing, whereby the user is persuaded to hand over thispassword(s) to a fraudster

  17. Exemple récent en Belgique • Depuis 2005, il y a eu en Belgique 52 cas de comptes bancaires gérés via internet qui ont été pillés. Près de 800.000 euros ont été soustraits des comptes. • Pour la première fois en 2007, c'était l'œuvre du crime organisé, la mafia russe, s'est attaquée à trois banques belges. • Pour la CBFA, il faut relativiser le phénomène : 52 cas alors que 500.000 transactions sont réalisées quotidiennement via des comptes gérés à l'aide d'internet. De plus, les clients qui ont été victimes de fraude utilisaient tous des logiciels copiés. • "Les gens doivent faire preuve d'un minimum d'hygiène en matière informatique". • Depuis ces dernières attaques, les institutions visées ont pris des mesures de protection supplémentaires. Résultat : il n'y a plus eu de tentatives réussies en Belgique de pillage de comptes gérés via internet depuis le mois de juin. Les clients qui ont été victimes de cette fraude ont été remboursés.

  18. Application • Ecobank webiste study case: • https://www.tib.ecobank.com/scripts/ecobank.dll • Belgian Online Bank samples : • https://secure.ing.be/eb/homebank/EN/index.jsp • https://www.fortisbanking.be/pics/BE/F/fr/anon/priv/News/securite_internet_2_.html • http://www.dexia.be/Fr/Particulier/BankingManagement/ViaDexiaDirectNet/demonstrations.htm

  19. Module IV Services financiers par internet et e-payments

  20. Services financiers par internet : exemples belges et français • - Architecture du droit des services financiers à distance en droit européen, belge et français • Définitions des “services financiers” et du “contrat à distance” • Prospection commerciale et techniques de communication à distance • Obligation d’information et communication des conditions contractuelles • Droit de rétractation • Questions de DIP

  21. Monnaie électronique-situation harmonisée au niveau européen • Contrôle prudentiel : agrément et exemptions • Transparence des conditions régissant les services de paiement • Droits et obligations liés à la prestation et à l’utilisation de services de paiement • Autorisation des opérations de paiement • Consentement, surveillance, irrévocabilité, droit au remboursement, preuve, contestation, archivage, responsabilité • Exécution d’une opération de paiement • Acceptation et refus d’un ordre de paiement, montants et commission, délai d’exécution, disponibilité des fonds, date-valeur, problème d’exécution

  22. Module V Contrats : Study case

  23. Module VI Synthèse de droit européen

  24. SEPA • Création d’un espace unique des paiements en euros : Single Euro Payments Area • Instruments de paiement SEPA • SCT ou SEPA Credit Transfer • SDD ouu SEPA Direct Debit • SCF ou SEPA Card Framework

  25. MiFID • MiFID (Markets in Financial Instruments Directive) : nouveau cadre réglementaire sur les marchés d'instruments financiers, objectif de promouvoir la prestation transfrontalière de services d'investissement, en instaurant un régime harmonisé dans tous les Etats membres, tout en renforçant la protection des investisseurs • Know your customer—The directive, requires firms to update their client service processes in order to handle data for: • a) Customer classification (professional, non-professional, eligible counterpart) • b) Proof of information provided related to classification • c) Proof of management of situations of “conflict of interest” • New rules of conduct.

  26. MiFID (2) • Customer order handling—Best execution, classification, driven order handling and transparent pricing. • Transparency—Fulfillment of real time and deferred reporting. Market data feed, pre-trade and post-trade transparency, customers' confirmations, information access for customers, and reporting to regulators • Internal organization: investment firms are required to meet higher organizational standards, including new rules on the compliance functions, conflict of interests controls, record-keeping, safeguarding of money and assets, outsourcing arrangements, complaint handling mechanisms, personal transactions or inducements.

  27. What next ? • AML – EU 3rd Directive December 2007 • MiFID III • Basel II • New e-payments directive

  28. Litterature • Internet : http://www.droit-technologie.org • Journal of internet banking and commerce : http://www.arraydev.com/commerce/jibc/ • Books : Internet Banking and the Law in Europe: Regulation, Financial Integration and Electronic Commerce, by Apostolos Ath. Gkoutzinis(www.cambridge.org/us/9780521860710)

  29. Thank you for your attention etienne.wery@ulys.net Belgium : Tel : +32 (0) 2 340 88 10  / Fax : +32 (0) 2 345 35 80 France : Tel +33 (0) 1 40 70 90 11 / Fax +33 (0) 1 40 70 01 38 www.ulys.net

More Related