
Showing posts with label Risk Management. Show all posts

Wednesday, 15 April 2020

07:41

How Financial Organisations can Improve Cybersecurity

BFSI sector, NCIIPC
The financial industry experiences 35 percent of all data breaches. It houses high-value data and assets that are attractive to attackers for obvious reasons. The US National Institute of Standards and Technology (NIST) divides financial institutions into four levels of cybersecurity maturity:
• Partial: At this level, the organisation's cybersecurity risk management practices aren't formalized and risk is managed in an ad hoc (and sometimes reactive) manner.
• Informed: This maturity level is characterized by institutions where management has approved risk management practices, but these practices are not established as policy across the organization.
• Repeatable: At this maturity level, an organization's risk management practices are formally approved and expressed as policy.
• Adaptive: At this highest maturity level, organizations adapt cybersecurity practices "based on lessons learned and predictive indicators derived from previous and current cybersecurity activities."
Forbes advises financial institutions to consider three steps to ensure greater data security and minimize legal exposure. First, they should draft internal policies, procedures and contractual provisions covering the investigation, remediation and reporting of breaches. Next, institutions should obtain appropriate insurance coverage for the various types of cyber risk and consider the adequacy of existing insurance programs. Not only will this help to mitigate risk if an institution is successfully attacked, but organizations may end up proactively improving their cybersecurity environments because it is the easiest way to increase coverage or lower their premiums. Finally, financial institutions should seek out third-party cybersecurity partners that will help them manage their security environments and forestall data breaches.
References:
[1] https://biztechmagazine.com/article/2020/01/how-financialservices-firms-can-improve-cybersecurity

Tuesday, 20 June 2017

08:10

Risks Associated with Bankers’ Acceptances

For purposes of the OCC’s discussion of risk, the OCC can be said to assess banking risk relative to its impact on capital and earnings. From a supervisory perspective, risk is the potential that events, expected or unexpected, may have an adverse impact on a bank’s earnings or capital. The OCC has defined nine categories of risk for bank supervision purposes. These risks are credit, interest rate, liquidity, price, foreign currency translation, transaction, compliance, strategic, and reputation.
The risks associated with bankers’ acceptances are transaction, compliance, credit, liquidity, foreign currency translation, and reputation. These risks are discussed more fully in the following paragraphs. (Once an examiner determines whether the bankers’ acceptances are held as a loan or investment, they should refer to the appropriate booklet in the Comptroller’s Handbook for further guidance.)
Transaction Risk
Transaction risk is the current and prospective risk to earnings and capital arising from fraud, error, and the inability to deliver products or services, maintain a competitive position, and manage information. Risk is inherent in efforts to gain strategic advantage, and in the failure to keep pace with changes in the financial services marketplace. Transaction risk is evident in each product and service offered. Transaction risk encompasses product development and delivery, transaction processing, systems development, computing systems, complexity of products and services, and the internal control environment.
Banks should work closely with borrowers seeking bankers’ acceptance financing to ensure that the borrower fully understands the supporting documentation and timely processing requirements related to this type of financing. The basic documentation for a bankers’ acceptance consists of:
• A bankers’ acceptance credit agreement which contains the borrower’s promise to repay the bank when the acceptance matures.
• A “purpose statement” or letter from the borrower that describes the underlying trade transaction being financed, certifies that no other financing is outstanding, and specifies that the transaction has not been refinanced.
• A draft.
Compliance Risk
Compliance risk is the current and prospective risk to earnings or capital arising from violation of, or nonconformance with, laws, rules, regulations, prescribed practices, internal policies and procedures, or ethical standards. Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of the bank’s clients may be ambiguous or untested. This risk exposes the institution to fines, civil money penalties, payment of damages, and the voiding of contracts. Compliance risk can lead to diminished reputation, reduced franchise value, limited business opportunities, reduced expansion potential, and lack of contract enforceability.
The major compliance risk associated with bankers’ acceptance financing relates to creating ineligible bankers’ acceptances but treating them as if they were eligible for Federal Reserve discount. If this occurs, the Federal Reserve will generally impose a retroactive reserve requirement on the accepting bank.
If the bank has created a bankers’ acceptance based upon accurate information provided by the borrower in the purpose statement, only to learn later that it erroneously considered the transaction eligible, the bank will not be able to collect compensation from the customer to cover the reserves.
Compliance with the legal lending limit must be considered. When a bank discounts or holds its own bankers’ acceptances, they are converted to a loan and included in the legal lending limit. Purchased bankers’ acceptances are exempt
Credit Risk
Credit risk is the current and prospective risk to earnings or capital arising from an obligor’s failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Credit risk is found in all activities where success depends on counterparty, issuer, or borrower performance. It arises any time bank funds are extended, committed, invested, or otherwise exposed through actual or implied contractual agreements, whether reflected on or off the balance sheet.
Bankers’ acceptances contain credit risk not only for the bank creating the acceptance, but also for the exporter, for banks purchasing another bank’s acceptances, and for other investors (such as money market mutual funds, trust departments, state and local governments, insurance companies, pension funds, corporations, and commercial banks) who buy bankers’ acceptances.
The principal credit risk of this instrument is that the importer will be unable to make payment at maturity of the bankers’ acceptance — leaving the accepting bank responsible to make payment. For acceptances purchased in the market, credit risk is somewhat mitigated because bankers’ acceptances are considered to be “two-name paper,” which means that the importer is secondarily liable on the instrument. In addition, the instrument is a contingent obligation of the drawer (exporter). In other words, the exporter (drawer) is contingently liable if the importer does not pay. The acceptance is also an obligation of any other institutions that have endorsed it. That is, “holders in due course” that have bought and sold the acceptance in the market.
Liquidity Risk
Liquidity risk is the current and prospective risk to earnings or capital arising from a bank’s inability to meet its obligations when they come due without incurring unacceptable losses. Liquidity risk includes the inability to manage unplanned decreases or changes in funding sources. Liquidity risk also arises from the failure to recognize or address changes in market conditions that affect the ability to liquidate assets quickly and with minimal loss in value.
Partly because the maturities of most bankers’ acceptances are short, the market generally views acceptances as safe and liquid. The fact that “name” banks dominate acceptance financing also limits liquidity risk. Liquidity risk will be greater if the accepting bank is lower rated, is not a “name” or “prime” institution, or if the instrument is not eligible for Federal Reserve discount.

Monday, 12 December 2016

10:02

Security and Risk Mitigation measure


RBI/2016-17/178
DPSS.CO.OSD.No.1485/06.08.005/2016-17

December 09, 2016

All Prepaid Payment Instrument Issuers,
System Providers, System Participants and
all other Prospective Prepaid Payment Instrument Issuers

Dear Sir,

Security and Risk Mitigation measure - Technical Audit of Prepaid Payment Instrument issuers

With the withdrawal of legal tender characteristics of existing ₹ 500/- and ₹ 1000/- Bank Notes (Specified Bank Notes – SBN), the use of alternate modes of payment, specifically e-wallets has gained momentum. The Reserve Bank has also notified special measures for Prepaid Payment Instruments (PPIs) to facilitate adoption of digital payments in a big way. While all efforts should continue to be made by entities for on-boarding new customers and merchants, it needs to be borne in mind that any kind of cyber security incident affecting the digital channels/products, particularly at this juncture, may have significant system-wide ramifications and act as a dampener for the adoption of digital products by public at large.

2. As the rapid escalation in e-payments may put significant pressure on the existing digital infrastructure, it is imperative that the integrity of our digital ecosystem is maintained by ensuring that they remain robust and fully secure. Attention is drawn to the extant guidelines requiring authorised entities to submit system audit reports from a CISA/DISA qualified auditor on an annual basis (refer the links https://www.rbi.org.in/scripts/FS_Notification.aspx?Id=6177&fn=9&Mode=0 and https://www.rbi.org.in/scripts/FS_Notification.aspx?Id=6344&fn=9&Mode=0). The scope of the System Audit includes evaluation of the hardware structure, operating systems and critical applications, security and controls in place, including access controls on key applications, disaster recovery plans, training of personnel managing the systems and applications, documentation, etc.

3. In view of the above, all authorised entities/banks issuing PPIs in the country are advised to:
• carry out a special audit by the empanelled auditors of Indian Computer Emergency Response Team (CERT-In) on a priority basis and take immediate steps thereafter to comply with the findings of the audit report. The list of empanelled auditors is available on http://www.cert-in.org.in/PDF/Empanel_org.pdf. The audit should cover compliance as per security best practices, specifically the application security lifecycle and patch/vulnerability and change management aspects for the system authorised and adherence to the process flow approved by the Reserve Bank. Banks may also be guided by the circular DBS.CO/CSITE/BC.11/33.01.001/2015-16 on Cyber Security Framework in Banks dated June 02, 2016.
• take appropriate measures on mitigating phishing attacks considering that the new customers are likely to be first time users of the digital channels. Safety and security best practices may be disseminated to the customers periodically.
• implement additional measures dynamically depending upon the risk perception or threats as they emerge.

4. A confirmation giving the details of action plan, including the name and date of appointment of the auditor may please be conveyed to Department of Payment and Settlement System DPSS, CO at email by December 21, 2016. Also, a senior functionary may be designated to monitor the position on an ongoing basis and report the updates to us periodically (1st compliance within 15 days and subsequent compliance on a monthly basis). Banks may forward the compliance to the respective Senior Supervisory Manager (SSM) and non-bank entities may forward to the respective regional offices of DPSS.

5. The directive is issued under Section 10(2) read with Section 18 of Payment and Settlement Systems Act 2007, (Act 51 of 2007).

Yours faithfully,
(Nanda S. Dave)
Chief General Manager

Source: RBI

Tuesday, 25 October 2016

08:30

Holistic enterprise-wide digitisation is the key to success in the Indian banking industry


Emerging new competition, changing customer expectations, and reduced profitability are forcing banks in India to revisit their strategic business and operating models as well as their digital transformation and technology innovation strategies. 


By Research
  • Embrace digitisation and integrate systems, channels and data analytics for better service capability
  • Focus on finance and risk integration for a mature risk management model
  • Implement stronger HR management and workforce empowerment tools

The Asian Banker, in partnership with Oracle, released a special report, “Imagining ‘The Future Bank’ India”, which benchmarks current developments in Indian banks against leading global banks, and identifies key gaps in their financial services industry. The research brings together strategic and operational models that are imperative to bridge these gaps and lead the way to “The Future Bank”.

Embrace digitisation and integrate systems, channels and data analytics for better service capability

Banks in India are facing multiple challenges: emerging competition from new entrants and fintechs, reduced profitability, rising non-performing assets (NPA) and changing customer expectations. At the forefront is digital transformation. The banks need to have a customer-centric focus, which requires them to align their channels, products and analytics. In order to compete with the best in the world, the report reveals that Indian banks must implement holistic, platform-based, enterprise-wide digital transformation, cross-channel integration and seamless processes to achieve “omni-channel” service capability (Figure 1). They should also move in the direction of integrating technology towards agile systems and processes, empowered by data analytics, with better risk management tools and sound distribution network strategies.