What is Internet Banking? "Internet banking" refers to systems that enable bank customers to access accounts and general Information on bank products and services through a personal computer (PC) or other Intelligent device. Internet banking products and services can include wholesale products for corporate customers as well as retail and fiduciary products for consumers. Ultimately, the products and services obtained through Internet banking may mirror products and services offered through other bank delivery channels. Some examples of wholesale products and services include: [Pl] Cash management.
Wire transfer. Automated Clearinghouse (ACH) Transactions. Bill presentment and payment. Examples of retail and fiduciary products and services include: [pick] Balance inquiry. Funds transfer. Downloading transaction Information. Loan applications. Investment activity. Other value-added services. Other Internet banking services may include providing Internet access as an Internet Service Provider (ISP). Historically, banks have used information systems technology to process checks (item processing), drive ATM machines (transaction processing), and produce reports (management information systems).
In the past, the computer systems that made the Information systems operate were rarely noticed by customers. Today, Web sites, electronic mall, and electronic bill presentment and payment systems are an Important way for banks to reach their customers. Considerations are motivating banks to evaluate their technology and assess their electronic commerce and Internet banking customers using online strategies. Many researchers expect rapid growth in banking products and services.
Types of Internet Banking Understanding the various types of Internet banking products will help examiners assess the risks involved. Currently, the following three basic kinds of Internet banking are being employed in the marketplace: [pick] Informational ----This is the basic level of Internet banking. Typically, the bank has marketing information about the bank products and services on a stand- alone server. The risk is relatively low, as informational systems typically have no path between the server and the bank internal network.
This level of Internet banking can be provided by the bank or outsourced. While the risk to a bank is relatively low, the server or Web site may be vulnerable to alteration. Appropriate controls therefore must be in place to prevent unauthorized alterations to the bank server or Web site. [pick] Communicative ----This type of Internet banking system allows some interaction between the bank systems and the customer. The interaction may be limited to electronic mail, account inquiry, loan applications, or static file updates (name and address changes).
Because these servers may have a path to the bank internal networks, the risk is higher with this configuration than with informational systems. Appropriate controls need to be in place to prevent, monitor, and alert management of any unauthorized attempt to access the bank internal networks and computer systems. Virus controls also become much more critical in this environment. [pick] Transactional ---This level of Internet banking allows customers to execute transactions.
Since a path typically exists between the server and the bank or outsourcer internal network, this is the highest risk architecture and must have the strongest controls. Customer transactions can include accessing accounts, paying bills, transferring funds, etc. What is Online banking? Transfer money to/from his/her account and know his/her account status and general information on bank products and services of a branch from any branches of the respective bank. Southeast bank announces the introduction of Real Time On-Line Any Branch Banking Services to its customers. pick] Cash Withdrawal and Cash deposits: From now on any customer of the bank can draw or deposits money from/to his/her account from any of our branches. The respective account will be debited/credited instantly. Instant Fund Transfer: No more TTT(Telegraph Transfer). Now you can transfer fund instantly from your account to any other account(s) maintained in any of our branches. pick] Balance Inquiry: You can check your up to date account balance from any [pick] Account Statement: You can get your up to date account statement on-line from any of our branches.
Difference between Internet banking & Online banking: Actually there is no more difference between Internet banking and online banking. The major difference of the Internet and online banking is that customer able to know his/her whole account information like balance inquiry, funds transfer, downloading transaction information, bill presentment and payment, loan applications, investment activity, other value-added services etc. Room his/ her personal computer (PC) or any other intelligent device with internet banking service.
With online banking service customer know the information from any branch of the At present Southeast Bank Limited provided the online banking. But they will provide the Internet banking service to the customer as soon as possible. Now they inspect the situation and try to find out the technical facility , how they use technology in proper way, internet banking risk, internal control process and other issues in internet banking. Then they proceed to internet banking service. Internet Banking Risks Internet banking creates new risk control challenges for banks.
From a supervisory perspective, risk is the potential that events, expected or unexpected, may have an adverse impact on the bank earnings or capital. The COCO has defined nine categories of risk for bank supervision purposes. The risks are Credit risk Interest rate risk Liquidity risk Price risk Foreign exchange risk Transaction risk Compliance risk Strategic risk Reputation risk These categories are not mutually exclusive and all of these risks are associated with Internet banking. [pick] Credit Risk
Credit risk is the risk to earnings or capital arising from an obligators failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Credit risk is found in all activities where success depends on counter party, issuer, or borrower performance. It arises any time bank funds are extended, committed, invested, or otherwise exposed through actual or implied contractual agreements, whether on or off the banks balance sheet. Internet banking provides the opportunity for banks to expand their geographic range.
Customers can reach a given institution from literally anywhere in the world. In dealing with customers over the Internet, absent any personal contact, it is challenging for institutions to verify the bonfires of their customers, which is an important element in making sound credit decisions. Verifying collateral and perfecting security agreements also can be challenging with out-of-area borrowers. Unless properly managed, Internet banking could lead to a concentration in out-of- area credits or credits within a single industry.
Moreover, the question of which state's or country's laws control an Internet relationship is still developing. Effective oared and management understand and control the banks lending risk profile and credit culture. They must assure that effective policies, processes, and practices are in place to control the risk associated with such loans. [pick] Interest Rate Risk Interest rate risk is the risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates.
Interest rate risk arises from differences between the timing of rate changes and the timing of cash lows (reprising risk); from changing rate relationships among different yield curves affecting bank activities (basis risk); from changing rate relationships across the spectrum of maturities (yield curve risk); and from interest-related options embedded in bank products (options risk). Evaluation of interest rate risk must consider the impact of complex; illiquid hedging strategies or products, and also the potential impact that changes in interest rates will have on fee income.
In those situations where trading is separately managed, this refers to structural positions ND not trading portfolios. Internet banking can attract deposits, loans, and other relationships from a larger pool of possible customers than other forms of marketing. Greater access to customers who primarily seek the best rate or term reinforces the need for managers to maintain appropriate asset/liability management systems, including the ability to react quickly to changing market conditions. pick] Liquidity Risk Liquidity risk is the risk to earnings or capital arising from a banks inability to meet its obligations when they come due, without incurring unacceptable losses. Liquidity risk includes the inability to manage unplanned changes in funding sources. Liquidity risk also arises from the failure to recognize or address changes in market conditions affecting the ability of the bank to liquidate assets quickly and with minimal loss in value. Internet banking can increase deposit volatility from customers who maintain accounts solely on the basis of rate or terms.
Asset/liability and loan portfolio management systems should be appropriate for products offered through Internet banking. Increased monitoring of liquidity and changes in deposits and mans may be warranted depending on the volume and nature of Internet account activities. [pick] Price Risk Price risk is the risk to earnings or capital arising from changes in the value of traded position taking in interest rate, foreign exchange, equity, and commodities markets. Banks may be exposed to price risk if they create or expand deposit brokering, loan sales, or serialization programs as a result of Internet banking activities.
Appropriate management systems should be maintained to monitor, measure, and manage price risk if assets are actively traded. [pick] Foreign Exchange Risk Foreign exchange risk is present when a loan or portfolio of loans is denominated in a foreign currency or is funded by borrowings in another currency. In some cases, banks will enter into multi-currency credit commitments that permit borrowers to select the currency they prefer to use in each rollover period.
Foreign exchange risk can be intensified by political, social, or economic developments. The consequences can be unfavorable if one of the currencies involved becomes subject to stringent exchange controls or is subject to wide exchange-rate fluctuations. [pick Transaction Risk Transaction risk is the current and prospective risk to earnings and capital arising from fraud, error, and the inability to deliver products or services, maintain a competitive position, and manage information.
Transaction risk is evident in each product and service offered and encompasses product development and delivery, transaction processing, systems development, computing systems, complexity of products and services, and the internal control environment. A high level of transaction risk may exist with Internet banking products, particularly if those lines of business are not adequately planned, implemented, and monitored. Banks that offer financial products and services through the Internet must be able to meet their customers expectations.
Banks must also ensure they have the right product mix and capacity to deliver accurate, timely, and reliable services to develop a high level of confidence in their brand name. Customers who do business over the Internet are likely to have little tolerance for errors or omissions from financial institutions that do not have sophisticated internal controls to manage their Internet banking business. Likewise, customers will expect continuous availability of the product and Web pages hat are easy to navigate.
Software to support various Internet banking functions is provided to the customer from a variety of sources. Banks may support customers using customer-acquired or bank-supplied browsers or personal financial manager (FM) software. Good communications between banks and their customers will help manage expectations on the compatibility of various FM software products. Attacks or intrusion attempts on banks computer and network systems are a major concern. Studies show that systems are more vulnerable to internal attacks than external, cause internal system users have knowledge of the system and access.
Banks should have sound preventive and detective controls to protect their Internet business resumption planning is necessary for banks to be sure that they can deliver products and services in the event of adverse circumstances. Internet banking products connected to a robust network may actually make this easier because back up capabilities can be spread over a wide geographic area. For example, if the main server is inoperable, the network could automatically reroute traffic to a back up server in a different geographical location.
Security issues should be considered when the institution develops its contingency and business resumption plans. In such situations, security and internal controls at the back-up location should be as sophisticated as those at the primary processing site. High levels of system availability will be a key expectation of customers and will likely differentiate success levels among financial institutions on the Internet. [pick] Compliance Risk Compliance risk is the risk to earnings or capital arising from violations of, or unconformable with, laws, rules, regulations, prescribed practices, or ethical standards.
Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of the banks clients may be ambiguous or untested. Compliance risk exposes the institution to fines, civil money penalties, payment of damages, and the voiding of contracts. Compliance risk can lead to a diminished reputation, reduced franchise value, limited business opportunities, reduced expansion potential, and lack of contract enforceability. Most Internet banking customers will continue to use other bank delivery channels.
Accordingly, national banks will need to make certain that their disclosures on Internet banking Hansel, including Web sites, remain synchronized with other delivery channels to ensure the delivery of a consistent and accurate message to customers. Federal consumer protection laws and regulations, including CRA and Fair Lending, are applicable to electronic financial services operations including Internet banking. Moreover, it is important for national banks to be familiar with the regulations that permit electronic delivery of disclosures/notices versus those that require traditional hard copy notification.
National banks should carefully review and monitor all acquirement applicable to electronic products and services and ensure they comply with evolving statutory and regulatory requirements. Advertising and record-keeping requirements also apply to banks Web sites and to the products and services offered. Advertisements should clearly and conspicuously display the FIDE insurance notice, where applicable, so customers can readily determine whether a product or service is insured. Regular monitoring of bank Web sites will help ensure compliance with applicable laws, rules, and regulations.
The anonymity of banking over the Internet poses a challenge in adhering to BAS standards. Banks planning to allow the establishment of new accounts over the Internet should have rigorous account opening standards. Also, the bank should set up a control system to identify unusual or suspicious activities and, when appropriate, file suspicious activity reports (Cars). The BAS funds transfer rules also apply to funds transfers or transmittal performed exceptions. The rules require banks to ensure that customers provide all the required information before accepting transfer instructions.
The record keeping requirements imposed by the rules allow banks to retain written or electronic records of the information. The Office of Foreign Asset Control (OPAC) administers laws that impose economic sanctions against foreign nations and individuals. This includes blocking accounts and other assets and prohibiting financial transactions. Internet banking businesses must comply with OPAC requirements. A bank needs to collect enough information to identify customers and determine whether a particular transaction is prohibited under OPAC rules.
Strategic Risk Strategic risk is the current and prospective impact on earnings or capital arising from adverse business decisions, improper implementation of decisions, or lack of expensiveness to industry changes. This risk is a function of the compatibility of an organization's strategic goals, the business strategies developed to achieve those goals, the resources deployed against these goals, and the quality of implementation. The resources needed to carry out business strategies are both tangible and intangible. They include communication channels, operating systems, delivery networks, and managerial capacities and capabilities.
The organization's internal characteristics must be evaluated against the impact of economic, technological, competitive, regulatory, and other environmental changes. Management must understand the risks associated with Internet banking before they make a decision to develop a particular class of business. In some cases, banks may offer new products and services via the Internet. It is important that management understand the risks and ramifications of these decisions. Sufficient levels of technology and MIS are necessary to support such a business venture.
Because many banks will compete with financial institutions beyond their existing trade area, those engaging in Internet banking must have a strong link between the technology employed and the banks strategic planning process. Before introducing a Internet banking product, management should consider whether the product and technology are consistent with tangible business objectives in the banks strategic plan. The bank also should consider whether adequate expertise and resources are available to identify, monitor, and control risk in the Internet banking business.
The planning and decision making process should focus on how a specific business need is met by the Internet banking product, rather than focusing on the product as an independent objective. The banks technology experts, along with its marketing and operational executives, would contribute to the decision making and planning process. They should ensure that the plan is consistent with the overall business objectives of the bank and is bring about rapid changes in competitive forces. Accordingly, the strategic vision should determine the way the Internet banking product line is designed, implemented, and monitored.
Reputation Risk Reputation risk is the current and prospective impact on earnings and capital arising from negative public opinion. This affects the institution's ability to establish new relationships or services or continue servicing existing relationships. This risk may expose the institution to proceedings, financial loss, or a decline in its customer base. Reputation risk exposure is present throughout the organization and includes the responsibility to exercise an abundance of caution in dealing with customers and the community.
A banks reputation can suffer if it fails to deliver on marketing claims or to provide accurate, timely services. This can include failing to adequately meet customer credit needs, providing unreliable or inefficient delivery systems, untimely responses to customer inquiries, or violations of customer privacy expectations. A banks petition can be damaged by Internet banking services that are poorly executed or otherwise make unfriendly customers and the public. Well designed marketing, including disclosures, is one way to educate potential customers and help limit reputation risk.
Customers must understand what they can reasonably expect from a product or service and what special risks and benefits they incur when using the system. As such, marketing concepts need to be coordinated closely with adequate disclosure statements. A national bank should not market the banks Internet banking system based on features or attributes the system does not have. The marketing program must present the product fairly and accurately. Banks should carefully consider how connections to third parties are presented on their Web sites. Hypertext links are often used to enable a customer to link to a third party.
Such links may reflect an endorsement of the third party's products or services in the eyes of the customer. It should be clear to the customer when they have left the banks Web site so that there is no confusion about the provider of the specific products and services offered or the security and privacy standards that apply. Similarly, adequate closures must be made so that customers can distinguish between insured and non-insured products. Banks need to be sure that their business continuity plans include the Internet banking business.
Regular testing of the business continuity plan, including communications strategies with the press and public, will help the bank ensure it can respond effectively and promptly to any adverse customer or media reactions. Financial institutions, their card associations, and vendors are working to develop an Internet payment infrastructure to help make electronic commerce secure. Many in the banking industry expect significant growth in the use of the Internet for the purchase of goods and services and electronic data interchange.
The banking industry also recognizes that the Internet must be secure to achieve a high level of confidence with both consumers and businesses. Sound management of banking products and services, especially those provided over the Internet, is fundamental to maintaining a high level of public confidence not only in the individual bank and its brand name but also in the banking system as a whole. Key components that will alp maintain a high level of public confidence in an open network environment include: Security Authentication Trust Nonresidential Privacy Availability Security is an issue in Internet banking systems.
Some national banks allow for direct dial-in access to their systems over a private network while others provide network access through the Internet. Although the publicly accessible Internet generally may be less secure, both types of connections are vulnerable to interception and alteration. For example, hardware or software "snifters" can obtain passwords, account numbers, credit card numbers, etc. Thou regard to the means of access. Banks therefore must have a sound system of internal controls to protect against security breaches for all forms of electronic access.
A sound system of preventive, detective, and corrective controls will help assure the integrity of the network and the information it handles. "Firewalls" are frequently used on Internet banking systems as a security measure to protect internal systems and should be considered for any system connected to an outside network. Firewalls are a combination of hardware and software placed between two networks through which all traffic must pass, sugarless of the direction of flow. They provide a gateway to guard against unauthorized individuals gaining access to the banks network.
The mere presence of a firewall does not assure logical security and firewalls are not impenetrable: firewalls must be configured to meet a specific operating environment and they must be evaluated and maintained on a regular basis to assure their effectiveness and efficiency. Individuals who are technically competent must perform the installation, configuration, evaluation, and maintenance of firewalls. The specific risks involved may require a broad range of security controls.