The Bank for International Settlements has detailed 14 risk management principles in an effort to help banks manage and control their electronic banking activities.
The oversight guidelines have been laid out in the final versions of two papers published by the electronic banking group of the Basel Committee on Bank Supervision. Initially released for consultation in October 2002 and May 2001, the final papers do not show significant changes compared to the consultative versions.
The first paper - risk management principles for electronic banking - lays down 14 guidelines that focus on the oversight responsibilities of the board of directors and management, the need for appropriate security controls, and the management of legal and reputational risk associated with electronic banking activities.
The second paper - management and supervison of cross-border electronic banking activities - identifies additional risk management principles specific to cross-border electronic banking activities.
The published documents underscore the Committee's view that supervisory expectations should be tailored and adapted to online banking but not fundamentally different to those applied to banking activities delivered through traditional channels.
However, in certain areas, such as the management of outsourcing relationships, security controls and the management of legal and reputational risk, the characteristics of the Internet distribution channel call for more detailed principles than those expressed to date.
"Our goal with these electronic banking principles is to promote safe and sound banking industry and supervisory practices without creating undue regulatory burden or impediments to a bank's use of the Internet delivery channel to meet customer needs," says US Comptroller of the Currency John Hawke, who chaired the group. "At the same time, we expect bankers to be mindful of the need to have in place adequate risk management processes, provide adequate disclosures to customers, and, in the case of cross-border activities, conduct appropriate risk assessment and due diligence."
To read the full papers, see: BIS lays down e-banking guidelines