List of Figures
List of Tables
Preface
Acknowledgments
Foreword

INTRODUCTION TO E-BANKING

E-Banking Basics
  Evolution of e-banking
  Impact on traditional banking
  E-banking components
  Regulatory approval

E-Banking Risks
  Strategic risk
  Operational risk
  Compliance risk
  Reputational risk
  Other risks
  Risk management challenges
  The five-pillar approach

Product and Service-specific Risks
  Internet banking
  Aggregation services
  Bill presentment and payment
  Mobile banking
  Weblinking
  Electronic money
  Cross-border transactions
  New products and services

RISK MANAGEMENT

Risk Management Framework
  Policies and procedures
  Risk management process
  Operational risk management
  Governance and internal controls

Risk Management Organization
  Organization structure
  Board and senior management
  Executive risk committee
  IT management
  Internal and external audit

International Standards
  Basel Committee on Banking Supervision
  COBIT 4.0
  ISO 17799
  OCTAVE
  COSO - enterprise risk management
  PCI data security standard
  Financial Action Task Force
  Corporate governance codes
  Regulatory guidelines

INFORMATION SECURITY

Information Security Management
  Security objectives
  Security controls
  Security risk assessment
  Classification of controls
  Monitoring and testing
  Incident response plan

Operational Controls
  Personnel issues
  Segregation of duties
  Technical issues
  Database management
  Change management
  Backups and off-site storage
  Insurance
  Fraud management

Technical Controls
  Logical access controls
  Identification and authentication
  Authentication methods
  Audit trails
  Network security
  Firewalls
  Malicious code
  Information security incidents

OUTSOURCING

Outsourcing in E-Banking
  Types of outsourcing
  Material outsourcing
  Supervisory approach
  Key risks of outsourcing
  Board and senior management responsibility
  Outsourcing policy

Managing Outsourced Services
  Outsourcing decisions
  Risk assessment and control
  Service provider due diligence
  Offshoring
  Contingency plans
  Customer service
  Monitoring and audit

Outsourcing Contracts
  Contractual provisions
  Right of access clauses
  Termination clause
  Offshoring contracts
  Confidentiality and security clauses
  Business continuity clauses

BUSINESS CONTINUITY

Business Continuity Management
  The main drivers
  Board and senior management responsibility
  Components of BCM
  Business impact analysis
  BIA methodologies
  Recovery strategy

Business Continuity Plan
  Major components of BCP
  Continuity management team
  Recovery procedures
  Resource requirements
  External communications
  Plan maintenance
  Awareness and training
  Testing of BCP
  Testing methods

Data Centers and Alternate Sites
  Evolution of data centers
  Location of the sites
  Mitigating concentration risk
  Data center design
  Logistics management
  Maintenance procedures
  Alternate site models
  External support
  Business continuity in real life

LEGAL AND REGULATORY COMPLIANCE