e-Banking Rules
Banking Technology Department APRIL 2010
Table of Contents
1 Introduction:
1.1 Electronic Banking Definition:
1.2 E-banking Evolution:
1.3 E-Banking Rules:
1.4 Objective of the Rules:
1.5 Scope of Application:
1.6 Effective Date:
2 Supervision of E-Banking:
2.1 Supervisory Approach:
2.2 New E-banking Products:
2.3 Legal and Regulatory Requirements:
2.4 Enforcement Mechanism:
2.5 Reporting Requirements:
3 Customer Protection and Education:
3.1 Rights and Liabilities of Banks and Customers:
3.2 Customer Security and Education:
3.3 Banks’ Obligations:
4 E-Banking Risks:
4.1 Types of Services:
4.2 Risk Profiles
4.3 Associated Risks:
4.4 Risk Management Approach:
4.4.1 Risk Identification
4.4.2 Risk Analysis and quantification
4.4.3 Risk treatment
4.4.4 Risk monitoring and review
4.4.5 Summary
5 Risk Management Principles for E-Banking:
5.1 Principles 1-3: Board and Management Oversight:
5.2 Principles 4-10: Security Controls:
5.3 Principles 11-14: Legal and Reputational Risk Management:
Appendix 1: Glossary
Appendix 2: Security Controls Requirements
Appendix 3: Incident Reporting
1 Introduction:
2.1 Electronic Banking Definition:
The term “Electronic Banking” or “e-banking” is defined as remote banking services provided by authorized banks, or their representatives through devices operated either under the bank's direct control and management or under the outsourcing agreement. In other words, e-banking is an umbrella term for the process by which a customer may perform banking transactions electronically without visiting a branch and includes the systems that enable customers of banks, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or