Risks associated with E-banking :
Transaction/ Operations Risk
Transaction/Operations risk arising from fraud, processing errors, system disruptions, or other unanticipated events shows the bank’s inability to
deliver products or services. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the bank’s processing environment, including the types of services offered and the complexity of the processes and supporting technology.
In most instances, e-banking activities will increase the complexity of the bank’s activities and the quantity of its transaction/operations risk, especially if the bank is offering innovative services that have not been standardised. Since customers expect e-banking services to be available 24×7, banks should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability.
The auditor should examine whether in order to mitigate transaction/operations risk, the bank has put in place effective policies, procedures, and controls to meet the new risk exposures introduced by ebanking. The basic internal controls would include segregation of duties, dual controls, and reconciliations. Information security controls, in particular, become more significant requiring additional processes, tools, expertise and testing.
Credit Risk
Generally, the bank’s credit risk is not increased by the mere fact that a loan is originated through an e-banking channel. However, the bank should
ensure that additional precautions are in place when originating and approving loans electronically including assuring management information systems effectiveness by preparing a track of the performance of portfolios originated through e-banking channels. The following aspects of on-line loan origination and approval tend to make risk management of the lending process more challenging:
effectiveness by preparing a track of the performance of portfolios originated through e-banking channels. The following aspects of on-line loan origination and approval tend to make risk management of the lending process more
challenging:
Verifying the customer’s ID for on-line credit applications and executing an enforceable contract;
Monitoring and controlling the growth, pricing, and on-going credit quality of loans originated through e-banking channels;
Monitoring and oversight of third-parties operations doing business as agents or on behalf of the banks;
Valuing collateral and perfecting liens over a potentially wider geographic area; and
Collecting loans from individuals over a potentially wider geographic area.
If not properly managed, these aspects can significantly increase credit risk.
Compliance/ Legal Risk
Compliance and legal issues arise out of the rapid growth in usage of e-banking services and the differences between the electronic and paper-based
processes. E-banking is a new delivery channel where the laws and rules governing the electronic delivery of certain financial products or services may be ambiguous or still evolving. Specific regulatory and legal challenges include:
Uncertainty over the legal jurisdictions applicable to the transaction taking place through e-banking;
Delivery of credit and deposit related disclosures/notices as required by law or regulation;
Retention of required compliance documentation for on-line advertising, applications, statements, disclosures, notices; and
Establishment of legally binding electronic agreements.
Banks offering e-banking services, both informational and transactional, assume a higher level of compliance risk because of the changing nature of the technology, the speed at which errors can be replicated, and the frequency of regulatory changes to address e-banking issues. The potential for violations is further heightened by the need to ensure consistency between paper and electronic advertisements, disclosures and notices.
Reputational Risk
The rise of the sophisticated cyber crime has become one of the fastest growing security and reputational risks to banks. The cyber crime landscape features malware exploits that can routinely evade traditional security controls. The reactive attack and penetration approaches of the past may no longer be sufficient to deal effectively with that level of ingenuity of cyber attacks and are being replaced with new forms of cyber intelligence capable of enhancing traditional security programs. Adding a layer of complexity to the issue is the rise of social networking, online communications, and online financial transactions. The bank has a significant role to play in identifying and addressing this risk thereby safeguarding its reputation and instilling the confidence in its customers.