The most important category of risk management for e-banking services is transcation risk or operational risk. Operational risk is the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events. The main causes for operational risk can be:
- Inadequate Information Systems
- Breaches in internal controls
- Processing Errors
- Unforeseen catastrophes
The inadequate information system can result from general risks or from application oriented risks. The general risks can include physical access to the hardware, logical
access to the information and communication technology systems, emergency management or from an insufficient backup recovery measures-mitigate the consequences of system failures.
A high level of transaction risk may exist with Internet banking products, particularly if those lines of business are not adequately planned, implemented, and monitored. Banks that offer financial products and services through the Internet must be able to meet their customer’s expectations. Banks must also ensure they have the right product mix and capacity to deliver accurate, timely, and reliable services to develop a high level of confidence in their brand name. Customers who conduct business over the Internet are likely to have little tolerance for errors or omissions from financial institutions that do not have sophisticated internal controls to manage their Internet banking business. Likewise, customers will expect continuous availability of the product and Web pages that are easy to navigate. Most Internet banking platforms are based on new platforms which use complex interfaces to link with legacy systems, thereby increasing risk of transaction errors. There is also a need to ensure data integrity and non-repudiation of transactions. Third-party providers also increase transaction risks, since the organization does not have full control over a third party. Without seamless process and system connections between the bank and the third party, there is a higher risk of transaction errors.
In most instances, e-banking activities will increase the complexity of the institution’s activities and the quantity of its transaction/operations risk, especially if the institution is offering innovative services that have not been standardized. Since customers expect ebanking services to be available 24 hours a day, 7 days a week, financial institutions should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability. Even institutions that do not consider e-banking a critical financial service due to the availability of alternate processing channels, should carefully consider customer expectations and the potential impact of service disruptions on customer satisfaction and loyalty.
The level of transaction risk is affected by the following factors;
- The structure of the institution’s processing environment, including the types of services offered and;
- The complexity of the processes and supporting technology
Control of Transaction Risks
Controlling transaction risk lies in adapting effective polices, procedures, and controls to meet the new risk exposures introduced by e-banking
- Basic internal controls including segregation of duties, dual controls, and reconcilements
- Information security controls become more significant requiring additional processes, tools, expertise, and testing.
- Institutions should determine the appropriate level of security controls abased on their assessment of the sensitivity of the information to the
- customer and to the institution and on the institution’s established risk tolerance level.