Banking Technology Department
Table of Contents
1.1 Electronic Banking Definition:
1.4 Objective of the Rules:
1.5 Scope of Application:
2 Supervision of E-Banking:
2.2 New E-banking Products:
2.3 Legal and Regulatory Requirements:
3 Customer Protection and Education:
3.1 Rights and Liabilities of Banks and Customers:
3.2 Customer Security and Education:
4.1 Types of Services:
4.4 Risk Management Approach:
4.4.2 Risk Analysis and quantification
4.4.4 Risk monitoring and review
5 Risk Management Principles for E-Banking:
5.1 Principles 1-3: Board and Management Oversight:
5.2 Principles 4-10: Security Controls:
5.3 Principles 11-14: Legal and Reputational Risk Management:
Appendix 1
Security Controls Requirements
2.1 Electronic Banking Definition:
The term “Electronic Banking” or “e-banking” is defined as remote banking services provided by authorized banks, or their representatives, through devices operated either under the bank's direct control and management or under the outsourcing agreement. In other words, e-banking is an umbrella term for the process by which a customer may perform banking transactions electronically without visiting a branch. It includes the systems that enable customers of banks, whether individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet.
A “remote banking service” is defined as a:
* Dedicated banking service for which the Customer has explicitly registered and authorized;
* Service supplied using devices that are not under the control of the Provider;
* Service which demands the authentication of the Customer.
Cross-border e-banking is defined as the provision of transactional on-line banking products or services by a bank in one country to authorized customers in other countries. This definition would include situations where a foreign bank provides e-banking products or services to residents in a foreign country from (i) a location in the bank’s home country, or (ii) an “onshore” physical establishment in another foreign country.
The following terms used to describe the various forms of e-banking are often used interchangeably: personal computer (PC) banking; Internet banking; virtual banking; online banking; home banking and remote electronic-banking.
Usually, e-banking also involves phone banking and the use of automated teller machines (ATMs), but these are not covered under the above e-banking definition for the purpose of these Rules.
Furthermore, individual communications such as e-mail (digitally signed or otherwise) received by the Provider from a Customer outside the context of a remote banking service are also not covered under this definition.
Various other related terms are defined in the Glossary at Appendix 1 to these Rules.
2.2 E-banking Evolution:
Technology developments and innovations are having a significant impact on the banking business. Banks face the challenge of adapting, innovating and responding to the opportunities provided by technological advancements. The growth of e-banking has benefited banks and their customers enormously. It has allowed banks to expand outreach, reduce transaction costs, improve efficiency, and provide virtual banking...