The implementation of effective management controls for e-banking is the best way that banks can survive the overwhelming pressure that comes from the unprecedented rapid improvement in technology. Advancement in technology no doubt brought business opportunities in the banking sector that when appropriately leveraged on will significantly help banks and other financial institutions achieve their corporate objectives. This however also brought sizable challenges that can effectively take a bank out of business if not properly managed. Technology being an enabler works in two ways (in your favour and against you), all depending on how you employ its services.
The major risks associated with electronic banking are: strategic, transactional, and reputational. The advent of e-banking technically did not raise new banking risk but, amplified and modified traditional banking risks that already existed. The fact that core business and IT environment in modern business setting are tightly coupled allows IT to greatly influence the overall risk profile of e-banking. For a bank to reap the benefit that comes with deploying IT infrastructure, it must ensure that controls are in place to deal with IT risks.
For banks to survive, they should have robust and scalable risk management process that enables the bank to: identify, measure, and control their exposure to technological risks.
THREE (3) ESSENTIAL ELEMENTS OF NEW TECHNOLOGY RISK MANAGEMENT
There are three essential elements that every Chief Risk Officers (CRO) will need to realise in order for effective risk management to be implemented. One of such elements is the fact that risk management is the responsibility of the board of directors and senior management. Because e-banking risk management is a strategic decision, top management levels needs to be actively involved. Members of senior management team need to posses the relevant skills and knowledge that is needed to manage the business risk that is associated with ubiquitous electronic banking.
Another essential fact to note about new technology management is that implementing technology is the responsibility of senior IT management members. It is a must that IT senior management members should posses the skills to effectively evaluate online banking technologies and products and also ensure that these technologies and products are appropriately installed, configured and documented.
The third essential fact about effective risk management control of e-banking is that measuring and monitoring internet banking risk is the responsibility of members of operational management. The ability to effectively identify, measure, monitor and control risks that come with implementing electronic banking is a must have skill for operational managers.
SIX 6 CONTROLS THAT MAKE UP EFFECTIVE RISK MANAGEMENT IN E-BANKING ENVIRONMENT
- Establishment of effective top management oversight: for the campaign of e-banking risk management to be meaningful, top management needs to always be one step ahead of the park.
- Establishment of robust security process and procedure: robust and agile security procedure, policies and process must be in place in order to adequately keep up the ever evolving electronic banking risks. This should address issues of authorization, authentication, integrity, confidentiality and non-repudiation of e-banking transactions.
- The use of well designed outsourcing relationship with third party: due to the fact that most internet and online backing services are outsourced to specialist vendors, effective risk management entails that comprehensive due diligence process be performed before sealing the contract.
- The establishment of audit trail on every transaction: audit trail allows online transactions to be traced no matter how complex that might seem to be.
- Adherence to; disclosure, privacy and other regulatory issues: working within the ambit of the law usually protects an entity’s stance in the long run. For instance, financial institution that abides by the provisions of the PCI 2.0 will obviously be in a position to reduce business risks that is associated with e-banking and other online payment processing systems.
- Ensuring the provisioning of adequate business continuity plan, business recovery plan and incident response plan. This is the aspect that supports the non resiliency nature of electronic banking. The ability of a bank that is involved in e-banking to recover or respond the unanticipated incidence is very important in surviving the modern day banking competition.
This article is not in any way an exhaustive material on effective risk management controls for electronic banking. I will recommend that tools like COBIT and Risk IT be used by banks to address not only their e-banking risks, but the overall banking risk. COBIT and Risk IT are frameworks put together by ISACA to address issues of governance and risk in business, the latest version of COBIT as at the time of writing this article is COBIT 5. A trending practice now is a situation where businesses build their business models to seamlessly fit into frameworks like; the US SOA, COBIT, etc.
Internet banking or e-banking has over time assumed prominent position in the heart of finance and financial transaction. This fact makes the importance placed on effective risk management control for electronic banking by managers and management of banks.