1、1 外文翻译 原文 RISK MANAGEMENT OF E-BANKING ACTIVITIES Material Source: University Galati, Economic Science Faculty Author: Virlanuta Florina, Moga Liliana, Ioan Viorica 1. E-banking risks E-banking is defined as the automated delivery of new and traditional banking products and services directly to cust
2、omers through electronic, interactive communication channels. E-banking includes the systems that enable financial institution customers, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network,inc
3、luding the Internet or mobile phone. Customers access e-banking services using an intelligent electronic device, such as a personal computer (PC), personal digital assistant (PDA), automated teller machine(ATM), kiosk, or Touch Tone telephone. In Romania, over 23 banks implemented and offer now e-ba
4、nking services. The continuous development of the supporting technology, information security and e-banking strategy reflects on the increasing number of the e-banking customers. According to Communications and Information Technologies Ministry, the number of e-banking users and the transactions per
5、formed in this system, as well as the value of these transactions, registered a spectacular rising, displayed in the graphics below: Year Index 2004 2005 2006 2007 E-banking customers 18.259 44.538 100.799 187.471 Transactions number 1.968.170 2.244.067 3.546.549 4.851.427 Transactions value (euro)
6、7.911.987.706 11.566.348.720 20.510.170.662 44.830.322.635 Source: Communications and Information Technologies Ministry 2 While the risks and controls are similar for the various e-banking access channels, this essay focuses specifically on Internet-based services due to the Internets widely accessi
7、ble public network Accordingly, this project begins with a discussion of the two primary types of Internet websites: informational and transactional. Informational websites provide customers access to general information about the financial institution and its products or services. Risk issues exami
8、ners should consider when reviewing informational websites include: Potential access to confidential financial institution or customer information if the website is not properly isolated from the financial institutions internal network; Potential liability for spreading viruses and other malicious c
9、ode to computers communicating with the institutions website; and Negative public perception if the institutions on-line services are disrupted or if its website is defaced or otherwise presents inappropriate or offensive material. Transactional websites provide customers with the ability to conduct
10、 transactions through the financial institutions website by initiating banking transactions or buying products and services. Banking transactions can range from something as basic as a retail account balance inquiry to a large business-to business funds transfer. E-banking services, like those deliv
11、ered through other delivery channels, are typically classified based on the type of customer they support. The following table lists some of the common retail and wholesale e-banking services offered by financial institutions. Since transactional websites typically enable the electronic exchange of
12、confidential customer information and the transfer of funds, services provided through these websites expose a financial institution to higher risk than basic informational websites. Wholesale e-banking systems typically expose financial institutions to the highest risk per transaction, since commer
13、cial transactions usually involve larger dollar amounts. In addition to the risk issues associated with informational websites, examiners reviewing transactional ebanking services should consider the following issues: Security controls for safeguarding customer information; Liability for unauthorize
14、d transactions; Possible violations of laws or regulations pertaining to consumer privacy, anti-money laundering, anti-terrorism, or the content, timing, or delivery of required consumer disclosures. 2. Transaction risk 3 Transaction risk arises from fraud, processing errors, system disruptions, or
15、other unanticipated events resulting in the institutions inability to deliver products or services. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institutions processing environment, including the types of services offered and
16、 the complexity of the processes and supporting technology. In most instances, e-banking activities will increase the complexity of the institutions activities and the quantity of its transaction/operations risk, especially if the institution is offering innovative services that have not been standa
17、rdized. Since customers expect e-banking services to be available 24 hours a day, 7 days a week, financial institutions should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability. Even institutions that do not consider e-banking a
18、 critical financial service due to the availability of alternate processing channels, should carefully consider customer expectations and the potential impact of service disruptions on customer satisfaction and loyalty. The key to controlling transaction risk lies in adapting effective polices, proc
19、edures, and controls to meet the new risk exposures introduced by e-banking. Basic internal controls including segregation of duties, dual controls, and reconcilements remain important. Information security controls, in particular, become more significant requiring additional processes, tools, exper
20、tise, and testing. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institutions established risk tolerance level. Generally, a financial institutions credit risk
21、 is not increased by the mere fact that a loan is originated through an e-banking channel. However, management should consider additional precautions when originating and approving loans electronically, including assuring management information systems effectively track the performance of portfolios
22、 originated through e-banking channels. Funding and investment-related risks could increase with an institutions e-banking initiatives depending on the volatility and pricing of the acquired deposits. The Internet provides institutions with the ability to market their products and services globally.
23、 Internet-based advertising programs can effectively match yield-focused investors with potentially high-yielding deposits. But Internet-originated deposits have the potential to attract customers who focus exclusively on rates and may provide a funding source with risk characteristics 4 similar to
24、brokered deposits. An institution can control this potential volatility and expanded geographic reach through its deposit contract and account opening practices, which might involve face-to face meetings or the exchange of paper correspondence. Compliance and legal issues arise out of the rapid grow
25、th in usage of e-banking and the differences between electronic and paper-based processes. E-banking is a new delivery channel where the laws and rules governing the electronic delivery of certain financial institution products or services may be ambiguous or still evolving. Laws governing consumer
26、transactions require specific types of disclosures, notices, or record keeping requirements. These requirements also apply to e-banking, and banking agencies continue to update consumer laws and regulations to reflect the impact of e-banking and on-line customer relationships. Institutions that offe
27、r e-banking services, both informational and transactional, assume a higher level of compliance risk because of the changing nature of the technology, the speed at which errors can be replicated, and the frequency of regulatory changes to address e-banking issues. The potential for violations is fur
28、ther heightened by the need to ensure consistency between paper and electronic advertisements, disclosures, and notices. 3. Risk management E-banking has unique characteristics that may increase an institutions overall risk profile and the level of risks associated with traditional financial service
29、s, particularly strategic, operational, legal, and reputation risks. These unique e-banking characteristics include: Speed of technological change, Increased visibility of publicly accessible networks, Less face-to-face interaction with financial institution customers. Management should review each
30、of the processes discussed in this section to adapt and expand the institutions risk management practices as necessary to address the risks posed by e-banking activities. Financial institution management should choose the level of e-banking services provided to various customer segments based on cus
31、tomer needs and the institutions risk assessment considerations. Institutions should reach this decision through a board-approved, e-banking strategy that considers factors such as customer demand, competition, expertise, implementation expense, maintenance costs, and capital support. Some instituti
32、ons may choose not to provide e-banking services or to limit e-banking services to an informational website. Financial institutions should periodically re-evaluate this decision to ensure it 5 remains appropriate for the institutions overall business strategy. Institutions may define success in many
33、 ways including growth in market share, expanding customer relationships, expense reduction, or new revenue generation. If the financial institution determines that a transactional website is appropriate, the next decision is the range of products and services to make available electronically to its
34、 customers. To deliver those products and services, the financial institution may have more than one website or multiple pages within a website for various business lines. Financial institutions should base any decision to implement e-banking products and services on a thorough analysis of the costs
35、 and benefits associated with such action. Some of the reasons institutions offer e-banking services include: Lower operating costs, Increased customer demand for services, and New revenue opportunities. The individuals conducting the cost-benefit analysis should clearly understand the risks associa
36、ted with ebanking so that cost considerations fully incorporate appropriate risk mitigation controls. Without such expertise, the cost-benefit analysis will most likely underestimate the time and resources needed to properly oversee e-banking activities, particularly the level of technical expertise
37、 needed to provide competent oversight of in-house or outsourced activities. Security threats can affect a financial institution through numerous vulnerabilities. No single control or security device can adequately protect a system connected to a public network. Effective information security comes
38、only from establishing layers of various control, monitoring, and testing methods. While the details of any control and the effectiveness of risk mitigation depend on many factors, in general, each financial institution with external connectivity should ensure the following controls exist internally
39、 or at their TSP. Conclusions A financial institutions board and management should understand the risks associated with e-banking services and evaluate the resulting risk management costs against the potential return on investment prior to offering e-banking services. Poor e-banking planning and inv
40、estment decisions can increase a financial institutions strategic risk. Early adopters of new e-banking services can establish themselves as innovators who anticipate the needs of their customers, but may do so by incurring higher costs and increased complexity in their operations. Conversely, late
41、adopters may be able to avoid the higher expense and added complexity, but do so at the risk of not meeting customer demand for additional products and services. In managing 6 the strategic risk associated with e-banking services, financial institutions should develop clearly defined e-banking objec
42、tives by which the institution can evaluate the success of its ebanking strategy. 译文 电子银行的风险管理 资料来源 :加拉茨 大学经济科学系 作者: Virlanuta Florina, Moga Liliana, Ioan Viorica 1 风险管理的电子银行业务 电子银行定义为将传统银行产品通过电子渠道,并直接向客户提供互动服务的的新的自动交付服务。电子银行系统指金融机构客户,个人或企业,可以通过互联网或手机访问帐户,办理业务,或通过公共或专用网络上获得的金融产品和服务的信息。客户通过使用智能电子设备,如
43、个人计算机( PC),个人数字助理( PDA),自动取款机( ATM),或按键式电话机来获得服 务。 在罗马尼亚,超过 23 家银行在实施,并提供电子银行服务。越来越多的电子银行客户对电子银行的配套技术,信息安全和电子银行战略提出要求,根据通信和信息技术部显示,以下图形显示了电子银行用户、本系统进行的交易数量以及这些交易的价值都呈上升趋势: 年指数 2004 2005 2006 2007 电子银行客户 18.259 44.538 100.799 187.471 交易数量 1.968.170 2.244.067 3.546.549 4.851.427 交易价值 7.911.987.706 11.
44、566.348.720 20.510.170.662 44.830.322.635 来源:通信与信息技术部 尽管风险和控制在各种电子银行渠道是类似,本文特别侧重于基于互联网的服务的广泛使用的公共网络。因此,该项目首先对互联网网站的两个主要类型的讨论:信息和交易。信息网站为客户提供有关金融机构及其产品或服务的一般资料。 考虑风险问题时,应该考虑并检讨的资讯网站包括:如果该网站不是金融机构的内部网络,可能获得金融机构或客户机密信息;潜在存在对机构的网站7 传播病毒的网站;如果该机构的在线服务被破坏或以其他方式提出不适当 或攻击性材料使公众产生负面看法。 事务性网站通过金融机构进行的网站发起银行交易
45、或购买产品和服务交易为客户提供服务。银行交易的范围可以从基本零售帐户到一个大型企业,对企业资金进行转移。电子银行服务,如通过其他交易渠道通常基于客户的类型进行分类的。下表列出了电子银行金融机构为零售和批发提供的服务。 由于交易的网站通常是客户机密信息的电子交换和资金的转移,因此,通过这些网站提供的服务的金融机构风险高于基本信息网站的风险。由于批发电子银行系统的商业交易往往涉及较大的美元数额,因此,它揭露金融机构交易的风险最 高。除了风险信息网站,电子银行交易服务审查应考虑以下的相关问题: 安全控制,维护客户信息; 未经授权交易的法律责任 ; 有关的法律或法规可能违反消费者隐私,反洗钱,反恐怖主
46、义,或内容,时间,或要求应向客户披露信息 。 2 交易风险 交易风险来自诈骗,错误 程序 ,系统中断,或其他机构的不能交付产品或服务而导致无法预料的事件 , 这种风险 主要 存在于每一种产品和提供服务。该机构的处理环境的结构影响 了 交易风险的水平,包括所提供的服务种类 、 流程以及 配套技术的复杂性。 在大多数情况下,电子银行业务将增加该机构的活 动的复杂性和它的交易 /业务风险的数量,特别是如果该机构提供的不规范的创新服务。由于客户希望网上银行服务可提供 24小时全天候 及 每周 7天 的服务 ,金融机构应确保其电子银行基础设施具有足够的容量和冗余,以确保服务的可用性。即使不考虑机构的电子
47、银行金融服务 的 替代加工供应渠道, 但 应认真考虑客户的期望和服务中断对客户满意度和忠诚度的潜在影响。 对交易风险控制的关键在于有效的适应政策,程序和控制,以满足新风险的网上银行介绍。 其 基本的内部控制,包括职责,双重控制隔离仍然是重要的。特别是信息安全控制, 在 额外的程序,工具,专业技术和测试变的越来越重要。机构应 该 对信息的敏感度的客户 制 定适当的安全级别管制 以及 评估该机构的设立风险承受能力的基础。 一般来说,金融机构的信贷风险增加贷款是通过电子银行渠道起源 的事实 。然而,管理层应该考虑 在 管理信息系统采取额外预防措施,包括通过电子银行渠道发起的投资组合有效地跟踪 ,以确
48、保其具有良好的 表现。 筹资和投资有关的风险可能 会 增加机构的电子银行的波动性 ,其 价格取决8 于所收购存款举措。互联网 具有 提供全球机构产品和服务市场的能力 , 投资者基于互联网的广告程序可以有效地配合潜在的高收益的存 款收益为重点。但是,互联网的起源存款吸引客户 在利率 关注率 的潜力 ,并提供一个 具有与 风险特征类似 的 存款资金来源。一个机构可以控制这种潜在的波动性,这可能涉及到面对面会议或纸书信往来 , 并通过开户存款合同的做法, 来 扩大地理覆盖范围。 法律问题 的 出 现主要 在 于 电子银行业务的快速增长 以及 在电子和纸面处理过程的差异 而产生的 。电子银行是一种新的
49、传递通道 , 某些金融机构的产品或服务电子化的法律可能 存在 不明确 的情况 或仍在发展。 根据 消费交易的披露要求, 要 通知或记录保存特定类型的要求 , 这些要求也适用于电子银行,银行机构和消费者 要求 不断 更新法律和法规, 用来 反映电子银行的影响 范围 和 与 在线客户关系。 机构提供 的 电子银行服务,包括信息和交易, 由于 该技术 处在 不断变化 中 ,因此 承担了较高 的 风险, 所以要不断加强监管,及时制定政策 , 用 以解决电子银行服务水平的问题。 为了 进一步 加强对违规行为的监督,减少违规现象 , 因此 必须确保 其 在纸张和电子广告 的 披露 与 通知 的 一致性。 3 风险管理 电子银行具有独特的特性,可能会增加一个机构的整体风险状况,以及与传统的金融服务 相比 , 其特别之处在于 战略,运作,法律风险的水平和声誉风险。这些独特的电子银行的特点包括: 加快了 技术变化的 速度,增加 了 公开访问的网络可视性,减 少了 面对面与金融机构客户的互动。管理部门应 加大 审查,来 处理构成的电子银行业务 的 风险管理做法的每个过程。 金融机构管理应 根据 不同的客户
