Security challenges in e-banking

In Part I of this article, we look at how e-banking has evolved in recent times, the main elements of an e-banking system and the technology risks associated with it.

The rise of e-banking

E-banking or Internet banking refers to systems that enable bank customers to access accounts and general information on bank products and services through a Personal Computer (PC) or any other intelligent device on an electronic distribution channel.

E-banking products and services can include those for corporate customers as well as retail products for consumers. Ultimately, the products and services obtained through e-banking may mirror those offered through other traditional bank delivery channels. Examples of these products and services include cash management, wire transfer, balance enquiry, funds transfer, investment activity, bill presentment and payment, and other value-added services.

With the widespread growth of the Internet, customers can use this technology anywhere in the world to access a bank’s network. The Internet, as an enabling technology, has made banking products and services available to more customers and eliminated geographic and proprietary systems barriers. With an expanded market, banks also have opportunities to expand or change their product and service offerings.

Market factors that drive a bank’s strategy to offer e-banking services include: competition, customer demand, cost efficiencies, extended geographical reach and enhanced branding.

The Reserve Bank of India had also set up a ‘Working Group on Internet Banking’ to examine different aspects of Internet Banking. The group focused on three major areas of Internet banking i.e., (i) technology and security issues, (ii) legal issues and (iii) regulatory and supervisory issues. The guidelines of the group have been accepted by RBI and they provide a good insight into the security requirements of Internet banking.

The main elements of an Internet banking system are:

  • Hardware: the servers, storage devices, communication channels and links, gateways and remotely located devices
  • Software: the operating systems, database management systems, e-banking applications and security application programs
  • Data: the content of the databases containing customer and account information
  • Personnel: clerical staff, administrative staff and computer operations staff

Technology risk

E-banking, apart from opportunities, also brings with it new risk control challenges. Some of these risks are operational or transactional risk, security risk, reputational risk, legal risk, money laundering risk and cross-border risk, in addition to the traditional risks of banking such as credit risk, liquidity risk, etc. Although security is not a new problem facing banks, Internet transactions raise new and different security concerns, distinct from the traditional security issues of robberies and frauds. Banks should have a rigorous analytic risk management process to enable them to identify, measure, monitor, transfer and control their technology risk exposure.

The following section outlines some of the issues related to e-banking and the underlying risk management principles that should be considered by banks to address these issues. It should be noted that a "one size fits all" approach to e-banking risk management is not appropriate since each bank’s risk profile is different and requires a risk mitigation approach appropriate for the scale of the e-banking operations, the materiality of the risks present, and the willingness and the ability of the bank to manage these risks.

Risk management in e-banking

The Basel Committee on Banking Supervision formed a working group, the Electronic Banking Group (EBG), to work in the area of e-banking risk management. The EBG’s report on risk management and supervisory issues arising from e-banking developments was released in October 2000. The report inventoried and assessed the major risks associated with e-banking, namely strategic risk, operational risk, reputational risk, and credit, market and liquidity risks. The group also noted that strategic risk, operational risk and reputational risk are certainly heightened by the rapid introduction and underlying technological complexity of e-banking activities.

The e-banking risk management principles listed below are not in any order of precedence or importance, and they sometimes fall into overlapping categories of issues.

  • Establishment of specific accountability, policies and controls to manage e-banking risks
  • Establishment of a comprehensive security control process
  • Authentication of e-banking customers
  • Non-repudiation and accountability for e-banking transactions
  • Measures to ensure segregation of duties
  • Internal authorization controls within e-banking systems, applications and databases
  • Data integrity of e-banking transactions and information
  • Establishment of clear audit trails for e-banking transactions
  • Confidentiality of bank information
  • Appropriate disclosures and disclaimers for e-banking services
  • Privacy of customer information
  • Availability of e-banking systems
  • Incident response planning

In the next part, we will look at each of the above risk management principles in detail and also discuss some specific technical solutions relating to e-banking.

 

Copyright 2003-2004 Net ProActive Services. All Rights Reserved