For an increasing number of banks there may be a strategic reason for engaging in electronic banking and electronic money activities. In addition, greater use of electronic banking and electronic money may increase the efficiency of the banking and payment system, benefiting consumers and merchants. At the same time, as the preceding discussion indicates, there are risks for banks engaging in electronic banking and electronic money activities. Risks must be balanced against benefits; banks must be able to manage and control risks and absorb any related losses if necessary. Risks from electronic banking and electronic money activities should also be evaluated in the context of other risks the bank faces. Even though electronic banking and electronic money activities may represent a relatively small portion of the overall activities of banks currently, supervisors may still require senior management’s assurance that critical systems are not threatened by the risk exposures banks take.
|
The rapid pace of technological innovation is likely to change the nature and scope of risks banks face in electronic money and electronic banking. Supervisors expect banks to have processes that enable bank management to respond to current risks, and to adjust to new risks. A risk management process that includes the three basic elements of assessing risks, controlling risk exposure, and monitoring risks will help banks and supervisors attain these goals. Banks may employ such a process when committing to new electronic banking and electronic money activities, and as they evaluate existing commitments to these activities.
|
It is essential that banks have a comprehensive risk management process in place that is subject to appropriate oversight by the board of directors and senior management. As new risks in electronic banking and electronics activitities are identified and assessed, the board and senior management must be kept informed of these changes. Prior to any new activity being commenced, a comprehensive review should be conducted so that senior management can ensure that the risk management process is adequate to assess, control and monmitor any risks arising from the proposed new activity.
|
