"Risk Management in Electronic Banking is a comprehensive study of the concepts and best practices in electronic banking. It fills a badly needed global requirement for not only bankers but all users of electronic banking. The book gives an excellent review of the wide scope of electronic banking on traditional banking and business methods. It then delves into the risks inherent in e-banking including strategic, operational, compliance, reputational and others... Jayaram Kondabagil has produced an excellent work which will be the key reference for anyone involved in electronic banking." Mark Mobius, Managing Director, Templeton Asset Management Ltd

"Risk Management in Electronic Banking is written in a simple and easy to understand style and it provides a broad overview of electronic banking. It also highlights the importance of risk management and addresses a gap in extant literature on the subject. Aimed at a global audience, the consolidated checklist at the end of the book is useful and a notable feature is that it also includes outsourcing risks, which though of recent origin has already made a big impact in financial services sector. This topical book will be a useful read for senior management executives." Professor R. Vaidyanathan, Finance & Control, UTI Chair Professor & Chairperson, Centre for Capital Market and Risk Management, Indian Institute of Management
Dimensions
Height: 250 mm
Width: 150 mm
Thickness: 15 mm
ISBN-13
978-1-118-39043-6 (9781118390436)
Copyright in bibliographic data is held by Nielsen Book Services Limited or its licensors: all rights reserved.
Jayaram Kondabagil is a management consultant based in Bangalore, India, with more than three decades of professional experience. His specializations include risk management, information assurance, security management, business continuity planning and banking technology. He held positions in two major Indian banks for over 20 years in various capacities. During this tenure he gained varied exposure, including retail and corporate banking, managing the development of banking applications, facilitating and conducting training and seminars, software quality assurance and system audit. He then moved to a company that provides technology and consultancy services to the banking sector, where he was vice-president for five years. He started his independent consultancy practice in 2002.
List of Figures. List of Tables. Preface. Acknowledgments. Foreword.

PART I: INTRODUCTION TO E-BANKING
Chapter 1 E-Banking Basics. Evolution of e-banking. Impact on traditional banking. E-banking components. Regulatory approval.
Chapter 2 E-Banking Risks. Strategic risk. Operational risk. Compliance risk. Reputational risk. Other risks. Risk management challenges. The five-pillar approach.
Chapter 3 Product and Service-specific Risks. Internet banking. Aggregation services. Bill presentment and payment. Mobile banking. Weblinking. Electronic money. Cross-border transactions. New products and services.

PART II: RISK MANAGEMENT
Chapter 4 Risk Management Framework. Policies and procedures. Risk management process. Operational risk management. Governance and internal controls.
Chapter 5 Risk Management Organization. Organization structure. Board and senior management. Executive risk committee. IT management. Internal and external audit.
Chapter 6 International Standards. Basel Committee on banking supervision. COBIT 4.0. ISO 17799. OCTAVE. COSO enterprise risk management. PCI data security standard. Financial Action Task Force. Corporate governance codes. Regulatory guidelines.

PART III: INFORMATION SECURITY
Chapter 7 Information Security Management. Security objectives. Security controls. Security risk assessment. Classification of controls. Monitoring and testing. Incident response plan.
Chapter 8 Operational Controls. Personnel issues. Segregation of duties. Technical issues. Database management. Change management. Backups and off-site storage. Insurance. Fraud management.
Chapter 9 Technical Controls. Logical access controls. Identification and authentication. Authentication methods. Audit trails. Network security. Firewalls. Malicious code. Information security incidents.

PART IV: OUTSOURCING
Chapter 10 Outsourcing in E-Banking. Types of outsourcing. Material outsourcing. Supervisory approach. Key risks of outsourcing. Board and senior management responsibility. Outsourcing policy.
Chapter 11 Managing Outsourced Services. Outsourcing decisions. Risk assessment and control. Service provider due diligence. Offshoring. Contingency plans. Customer service. Monitoring and audit.
Chapter 12 Outsourcing Contracts. Contractual provisions. Right of access clauses. Termination clause. Offshoring contracts. Confidentiality and security clauses. Business continuity clauses.

PART V: BUSINESS CONTINUITY
Chapter 13 Business Continuity Management. The main drivers. Board and senior management responsibility. Components of BCM. Business impact analysis. BIA methodologies. Recovery strategy.
Chapter 14 Business Continuity Plan. Major components of BCP. Continuity management team. Recovery procedures. Resource requirements. External communications. Plan maintenance. Awareness and training. Testing of BCP. Testing methods.
Chapter 15 Data Centers and Alternate Sites. Evolution of data centers. Location of the sites. Mitigating concentration risk. Data center design. Logistics management. Maintenance procedures. Alternate site models. External support. Business continuity in real life.

PART VI: LEGAL AND REGULATORY COMPLIANCE
Chapter 16 Compliance Function. Organization of the compliance function. Board and senior management responsibility. Role of regulators.
Chapter 17 Major Compliance Issues. Anti-money laundering. Know your customer (KYC). Suspicious activities. Privacy of customer information. Information disclosures. Customer education.

High-level review checklist. Acronyms. Glossary. References. Index.