250 likes | 287 Views
Importance and Issues on Regulatory Framework for E-Banking in Nepal. Presented By: Rajan Bikram Thapa . Members of QC. Definition. The term e-banking is relatively new ( Moenaert and Lievens , 2000), and several definitions have been cited in the literature.
E N D
Importance and Issues on Regulatory Framework for E-Banking in Nepal. Presented By: RajanBikramThapa. Members of QC
Definition • The term e-banking is relatively new (Moenaert and Lievens, 2000), and several definitions have been cited in the literature. • Nevertheless, the majority of banking technology researchers and practitioners (e.g., Daniel, 1999; Keyes, 1999; Pikkarainen et al., 2006; Nikola et al., 2002; Lassar et al., 2005) agree that • The concept of e-banking refers to the system that enables banks to offer their customers access to their accounts to transact business and obtain information via electronic communication channels; these channels can include Automated Teller Machines (ATMs), tele-banking, home banking and internet banking (Turban, 1999)
Key Features From Definition This definition includes delivering services and products such as: • Account information • Access to funds • Business transactions and transfers • Uses of electronic devices
E-Banking Devices • Personal computers (PCs) • Personal digital assistants (PDAs) • Automated teller machines (ATMs) • Kiosks • Touch tone telephones • Cellular and smart phones
Why Online Banking? • Why online banking are becoming increasingly important? • The increasing competition from non-bank financial services companies, thetelecommunications industry, and systems or software developers. • The demand for more efficient and convenient capabilities. • The widening cost and delivery differentials between electronic capabilities and traditionaldelivery channels.
Risk Management Principle For Online Banking • Board and Management Oversight • Effective management oversight of online banking activities. E.g. Management supervision and internal controls • Establishment of a comprehensive security control process. E.g. Strategic planning and feasibility analysis, Risk analysis, Impact analysis • Comprehensive due diligence and management oversight process for outsourcing relationships.
Risk Management Principle For Online Banking Security Controls 1. Authentication of online banking customers.2. Non-repudiation and accountability for online banking transactions.3. Aappropriate measures to ensure segregation ofduties.4. Proper authorisation controls within online systems, databases and applications.5. Data integrity of online banking transactions, records and information.
Risk Management Principle For Online Banking • Security Controls 6. Establishment of clear audit trails for online transactions. 7. Confidentiality of key bank information.
Risk Management Principle For Online Banking Legal and Reputation Risk Management 1. Appropriate disclosures for online banking services.2. Privacy of customer information.3. Capacity, business continuity and contingency planning to ensure availability of online banking systems and services.4. Incident response planning.
Issues Impacting E-Banking Informational Website: • Potential liability and consumer violations • “The insider threat” if the website is not properly isolated • Avenue for spreading viruses and other malicious code • Reputational risk for service disruption and defacing ……
Issues Impacting E-Banking Transactional websites: • Safeguarding customer information • Authentication processes (e.g. ID theft) • Liability for unauthorized transactions • Losses from fraud ……
Issues Impacting E-Banking Transactional websites (cont’d): • violations of laws or regulations (e.g. consumer privacy, etc.) • Reputational risk from failure to process third-party payments
New Risks • First, unprecedented speed of technological change, and assess how it relates to their technology investments and their ability to provide consistently high-quality customer service. • Second, increase in dependent on third parties to provide the necessary information technology.
New Risks • Third, Security and New means of attack ..Internet banking becomes more widespread and complex, the need for banks to assess and manage security risks will become even more crucial. • Forth, Cross-border implications of Internet banking.
Control Areas Planningand Deployment Operating Policy and Procedure Audit Law and Regulatory Administration and System Operations Vendor and Outsourcing System Failure
Why E-Banking Regulation? • Technology is now the single biggest strategic issue in banking. • Innovative electronic banking product may increases the different types of risk. • In particular, banks should be urgently reviewing the opportunities provided by the internet • Timely initiating the problem. • To enhance the supervisory capabilities to maintain financial sector stability • For uniform action
32 commercial banks are using various electronic products to their customers. Most of the National level development banks and some finance companies also lunched debit card and informational electronic banking services to their costumer. Most of Banks have similar nature of electronic banking product. Most of The banks has lunched their own remittance services. Branch Less Banking(BB) is the most desirable product in the present context and commercial banks has focused their effort to capture scattered deposit from rural area where financial services is not reach. About Nepalese Banking
Information Service : This is the most basic form of online e-banking service. It is a one-way communication whereby; Information, regarding banks, product, service financial statement, interest rate etc. Advertisements or promotional material are provided to the customers. Although the risks associated with such online services are low, these websites are often the targets of hacking which vandalizes and mutilates the original information being provided. A licensee may suffer reputational harm resulting from its website being hacked. E-banking services provided by Nepalese banks.
Interactive Information Exchange Service: This form of Internet services offers slightly more customer interactions compared with the former. Customers are able to communicate with the bank, • Make account enquiries and complete application forms for additional services or purchase new products offered. The risks pertaining. • To these websites depend on whether they have any direct links to the licensee’s internal network. • These risks range from low to moderate according to the connectivity between the Internet and the internal network and the applications that the customer could access.
Transactional Service This category of Internet services allows customers to execute online transactions such as the • Transfer of funds, payment of bills and other financial transactions. • This is the highest risk category that requires the strongest controls since online transactions are often irrevocable once executed and the bank’s internal systems may be exposed to external attacks if controls are inadequate.
NRB has been issued risk management guideline, which forced to establish necessary internal polices of banks regarding all kinds of banking risk (including operational risk.) NRB has been addressed certain essential and fundamental issues regarding electronic banking through unified directives. Directive no. 14 (Branch less Banking) Precondition for approval certain risk management tips for BB Directive no. 21 Provision of Domestic fund transfer) Directive no. 21 Electronic payment Directive no . 21 (Automated teller Machine) Directive no. 21 (SWIFT Operation) What we have at present?
Regulatory focus is needed… • Authentication Process: Product/Related party • Outsourcing mechanism • Reliability of service provider • Minimum acceptable criteria. • Responsibility and accountability • Due diligence for agent and service provider • Privacy of customer information. • Service continuity assurance • Banks Commitment for protecting depositors interest
CONT… • Data integrity of online banking transactions,records and information. • Costumer Awareness and Education • Minimum content of agreement between service provider/ agent/ sub agent etc. • Additional cost burden to the customer • Transaction limit for innovative product. • Compliance of KYC and AML/CFT • Risk Management. • Reporting requirement .