Lecture 2 - EBanking Risks
Lecture 2 - EBanking Risks
Lecture 2 - EBanking Risks
BSc (Hons) Banking and International Finance MMIS 2301: E-Banking and E-Trading
In the past several years, many economists have considered the impact of the digital
revolution on the money and banking system, and by extension the macroeconomy.
1
Lecture 2: E-Banking Risks
Although many of the papers on e-money and e-banking have contained useful insights
into these developments, they have also tended to paint an incomplete and even confusing
picture. The application of information technology to money and banking raises many
interesting questions. But to make further progress in understanding the economic effects,
we need to advance in a very important area: what is the risk management for e-banking?
In many ways, e-banking is not unlike traditional payment, inquiry, and information
processing systems, differing only in that it utilises a different delivery channel. Any
decision to adopt e-banking is normally influenced by a number of factors. These include
customer service enhancement and competitive costs, all of which motivate banks to
assess their electronic commerce strategies.
E-banking can improve a bank’s efficiency and competitiveness, so that existing and
potential customers can benefit from a greater degree of convenience in effecting
transactions. This increased level of convenience offered by the bank, when combined
with new services, can expand the bank’s target customers beyond those in traditional
markets. Consequently, financial institutions are therefore becoming more aggressive in
adopting electronic banking capabilities that include sophisticated marketing systems,
remote-banking capabilities, and stored value programs. Internationally, familiar
examples include telephone banking, automated teller networks, and automated
clearinghouse systems. Such technological advances have brought greater sophistication
to all users, commercial and “the man in the street”.
A bank may be faced with different levels of risks and expectations arising from
electronic banking as opposed to traditional banking. Furthermore, customers who rely
on ebanking services may have greater intolerance for a system that is unreliable or one
that does not provide accurate and current information. Clearly, the longevity of ebanking
depends on its accuracy, reliability and accountability. The challenge for many banks is
to ensure that savings from the electronic banking technology more than offset the costs
and risks involved in such changes to their systems.
2
Lecture 2: E-Banking Risks
While financial institutions have faced difficulties over the years for a multitude of
reasons, the major cause of serious banking problems continues to be directly related to
lax credit standards for borrowers and counterparties, poor portfolio risk management or
a lack of attention to changes in economic or other circumstances that can lead to a
deterioration in the credit standing of a bank’s counterparties.
There are always two sides to a coin. Similarly Internet banking too has a ‘bane’ side to
it. The bane lies in its inexorable slide towards higher risk from various facets of bank
operations. Risk is the potential that unexpected events may have an adverse impact on
the banks earnings. Internet banking risks consists of risk associated with credit, interest
rate, transaction, etc. These risks are not mutually exclusive but invariably all of these are
associated with Internet banking.
1. TRANSACTION/OPERATIONS RISK
The most important category of risk management for e-banking services is operational
risk. Operational risk is the risk of direct or indirect loss resulting from inadequate or
failed internal processes, people and systems or from external events. The main causes
for operational risk can be:
Inadequate Information Systems
Breaches in internal controls
Fraud
Processing Errors
Unforeseen catastrophes
3
Lecture 2: E-Banking Risks
The inadequate information system can result from general risks or from application
oriented risks. The general risks can include physical access to the hardware, logical
access to the information and communication technology systems, emergency
management or from an insufficient backup recovery measures-mitigate the
consequences of system failures.
A high level of transaction risk may exist with Internet banking products, particularly if
those lines of business are not adequately planned, implemented, and monitored. Banks
that offer financial products and services through the Internet must be able to meet their
customer’s expectations. Banks must also ensure they have the right product mix and
capacity to deliver accurate, timely, and reliable services to develop a high level of
confidence in their brand name. Customers who conduct business over the Internet are
likely to have little tolerance for errors or omissions from financial institutions that do not
have sophisticated internal controls to manage their Internet banking business. Likewise,
customers will expect continuous availability of the product and Web pages that are easy
to navigate
Most Internet banking platforms are based on new platforms which use complex
interfaces to link with legacy systems, thereby increasing risk of transaction errors. There
is also a need to ensure data integrity and non-repudiation of transactions. Third-party
providers also increase transaction risks, since the organization does not have full control
over a third party. Without seamless process and system connections between the bank
and the third party, there is a higher risk of transaction errors.
In most instances, e-banking activities will increase the complexity of the institution’s
activities and the quantity of its transaction/operations risk, especially if the institution is
offering innovative services that have not been standardized. Since customers expect e-
banking services to be available 24 hours a day, 7 days a week, financial institutions
should ensure their e-banking infrastructures contain sufficient capacity and redundancy
to ensure reliable service availability. Even institutions that do not consider e-banking a
4
Lecture 2: E-Banking Risks
critical financial service due to the availability of alternate processing channels, should
carefully consider customer expectations and the potential impact of service disruptions
on customer satisfaction and loyalty
* Redundancy: The ability of a system to keep functioning normally in the event of a component
failure, by having backup components that perform duplicate functions
The structure of the institution’s processing environment, including the types of services
offered and the complexity of the processes and supporting technology
5
Lecture 2: E-Banking Risks
2. CREDIT RISK
Credit risk is the risk to earning and eventually capital, arising from a borrower’s failure
to meet the terms of a credit contract with the bank or otherwise to perform as agreed. It
is found in all activities where success depends on counterparty, issuer, or borrower
performance. It arises any time bank findings are extended, committed, invested, or
otherwise exposed through actual or implied contractual agreements, whether on or off
the bank’s balance sheet.
Internet banking provides the opportunity for banks to expand their geographic range.
Customers can reach a given institution from literally anywhere in the world. In dealing
with customers over the Internet, absent of any personal contact, it is challenging for
institutions to verify the bona fide of their customers, which is an important element in
making sound credit decisions. Verifying collateral and perfecting security agreements
can also be challenging with out-of-area borrowers.
NOTE: Generally, a financial institution’s credit risk is not increased by the mere fact
that a loan is originated through an e-banking channel.
6
Lecture 2: E-Banking Risks
The following aspects of on-line loan origination and approval tend to make risk
management of the lending process more challenging. If not properly managed, these
aspects can significantly increase credit risk.
• Verifying the customer’s identity for on-line credit applications and executing an
enforceable contract
• Monitoring and controlling the growth, pricing, underwriting standards, and
ongoing credit quality of loans originated through e-banking channels
• Monitoring and oversight of third-parties doing business as agents or on behalf of
the financial institution (for example, an Internet loan origination site or electronic
payments processor).
• Monitoring any increased volume of, and possible concentration in, out-of-area
lending.
Liquidity risk is the uncertainty arising from a bank’s inability to meet its obligations
when they are due, without incurring unacceptable losses. Liquidity risk includes the
inability to manage unplanned changes in market conditions affecting the ability of the
bank to liquidate assets quickly and with minimal loss in value.
Internet banking increases deposit volatility from customers who maintain accounts
solely on the basis of rates or terms. Increased monitoring of liquidity and changes in
7
Lecture 2: E-Banking Risks
deposits and loans maybe warranted depending on the volume and nature of Internet
account activities. In a nutshell, the Internet allows all transactions to occur in real time.
The management must therefore be prepared for immediate changes and consequently
immediate solutions.
An institution can control this potential volatility and expanded geographic reach through
its deposit contract and account opening practices, which might involve face-to-face
meetings or the exchange of paper correspondence. The institution should modify its
policies as necessary to address the following e-banking funding issues:
2. Potential acquisition of funds from markets where the institution is not licensed
to engage in banking, particularly if the institution does not establish, disclose,
and enforce geographic restrictions.
4. COMPLIANCE/LEGAL RISK
This is the risk to earnings or capital arising from violations of, or nonconformance with,
laws, regulations and ethical standards. Compliance risk may lead to diminished
reputation, actual monetary losses and reduced business opportunities. Banks need to
carefully understand and interpret existing laws as they apply to Internet banking and
ensure consistency with other channels such as branch banking. This risk is amplified
when the customer, the bank and the transaction are in more than one country.
Conflicting laws, tax procedures and reporting requirements across different jurisdictions
8
Lecture 2: E-Banking Risks
add to the risk. The need to keep customer data private and seek customers' consent
before sharing the data also adds to compliance risk. Customers are very concerned about
the privacy of their data and banks need to be seen as reliable guardians of such data.
Finally, the need to consummate transactions immediately (straight-through processing)
may lead to banks relaxing traditional controls, which aim to reduce compliance risk.
• Compliance and legal issues arise out of the rapid growth in usage of e-banking
and the differences between electronic and paper-based processes
Institutions that offer e-banking services, both informational and transactional, assume a
higher level of compliance risk because of the changing nature of the technology, the
speed at which errors can be replicated, and the frequency of regulatory changes to
address e-banking issues. The potential for violations is further heightened by the need to
ensure consistency between paper and electronic advertisements, disclosures, and notices
9
Lecture 2: E-Banking Risks
5. STRATEGIC RISK
This is the current and prospective risk to earnings and capital arising from adverse
business decisions or improper implementation of business decisions. Many senior
managers do not fully understand the strategic and technical aspects of Internet banking.
Spurred by competitive and peer pressures, banks may seek to introduce or expand
Internet banking without an adequate cost-benefit analysis. The organization structure
and resources may not have the skills to manage Internet banking.
In other words, will the bank get it right? Will it make the right choices when it comes to
investing in e-banking or will it waste money by going down a technological blind alley?
Should it attempt to take the lead in new technology ahead of its competitors, or should it
be a follower and adopt a "wait and see" approach? The latter may be the safer course of
action for smaller banks, though it does create the risk of being left behind.
A financial institution’s board and management should understand the risks associated
with e-banking services and evaluate the resulting risk management costs against the
potential return on investment prior to offering e-banking services.
Poor e-banking planning and investment decisions can increase a financial institution’s
strategic risk. Early adopters of new e-banking services can establish themselves as
innovators who anticipate the needs of their customers, but may do so by incurring higher
costs and increased complexity in their operations.
Conversely, late adopters may be able to avoid the higher expense and added complexity,
but do so at the risk of not meeting customer demand for additional products and
services. In managing the strategic risk associated with e-banking services, financial
institutions should develop clearly defined e-banking objectives by which the institution
can evaluate the success of its e-banking strategy.
10
Lecture 2: E-Banking Risks
• To manage the strategic risk financial institutions should pay attention to the
following:
6. REPUTATION RISK
This is the current and prospective risk to earnings and capital arising from negative
public opinion. A bank's reputation can be damaged by Internet banking services that are
poorly executed (e.g., limited availability, buggy software, poor response). Customers are
less forgiving of any problems and thus there are more stringent performance
expectations from the Internet channel. Hypertext links could link a bank's site to other
sites and may reflect an implicit endorsement of the other sites
11
Lecture 2: E-Banking Risks
Risk of damage to the bank's reputation goes along with the other risks I have mentioned.
It can arise, for example, from operational risk even if customers suffer no actual
damage. If a hacker successfully breaks into a bank's website and makes alterations, the
bank concerned can suffer substantial damage to its reputation although customers'
balances are safe and the hacker has not obtained any financial benefit.
This does not only affect the individual bank concerned but may also undermine
confidence in the security of e-banking more generally and therefore slow down
development in this area.
Systems breakdown, even if only temporary, is another example of how banks may be
affected by bad publicity. Given the fact that the element of trust is so fundamental to
banks' business, banks will find it increasing important to adopt measures to manage
reputational risk and incorporate public relations strategies into their overall risk
management framework.
Some of the ways in which e-banking can influence an institution’s reputation include
the following:
12
Lecture 2: E-Banking Risks
As noted in the prior section, e-banking has unique characteristics that may increase an
institution’s overall risk profile and the level of risks associated with traditional financial
services, particularly strategic, operational, legal, and reputation risks. These unique
ebanking characteristics include
Transactional e-banking web sites and associated retail and wholesale business
applications are typically integrated as much as possible with legacy computer
systems to allow more straight-through processing of electronic transactions. Such
straight-through automated processing reduces opportunities for human error and
fraud inherent in manual processes, but it also increases dependence on sound
systems design and architecture as well as system interoperability and operational
scalability.
13
Lecture 2: E-Banking Risks
Management should review each of the processes discussed in this section to adapt and
expand the institution’s risk management practices as necessary to address the risks posed
by e-banking activities.
14