Risk in E-Banking (PDF)

GROUP NO-6
A PROJECT REPORT ON RISKS IN E BANKING
Submitted to: MR. V.S. SOLANKI
Submitted by: ABHISHEK SINGH, OM SHANKAR, VIKASH KUMAR, TAPAN RAY
INSTITUTE OF PRODUCTIVITY & MANAGEMENT, MEERUT


Introduction

E-banking is now a common trend in our country. No more standing in line at banks, no more waiting for hours in the bank, no more days and weeks of waiting. Everything can be done with one card or one gadget. It’s easy, it works, and most importantly, people like it. Still, some people have a hard time using this kind of technology, mostly people who are used to doing things the old traditional way. Through advertising, people are now being motivated to use e-banking because, again, it eliminates the hassle of the old banking process.

The advancement of electronic banking, commonly known as e-banking, began with the use of automatic teller machines (ATMs) and has come to include telephone banking, direct bill payment, electronic fund transfer, online banking and other electronic transactions. Many people believe that e-banking will move in the direction of mobile banking. Others believe that online banking will be the most popular method in the future.

In order to use their bank’s online services, customers need a personal computer and an Internet connection. The personal computer acts as their assistant in carrying out transactions and services, such as paying bills and obtaining information about accounts and loans. The transactions offered by different banks are continuously changing and improving because banks want to gain a competitive advantage over other banks. The banking industry should always adapt to new technology and make the necessary adjustments to gain a competitive advantage over competing banks.

Electronic banking is sometimes defined as the provision of retail and small-value banking products and services through electronic channels, whether mobile devices, automated teller machines, or the Internet. It is also often used to describe processes in which customers can perform banking transactions without visiting a physical institution. E-banking made an auspicious debut when automated teller machines (ATMs) were introduced, revolutionizing how we viewed the usual brick-and-mortar bank structure. Today, ATMs have become a common customer delivery channel, mainly in urban centres and sometimes even in the countryside. Aside from ATMs, other innovations have taken place, such as phone and internet banking, which again give customers the ability to access banking services from various locations, 24 hours a day and 7 days a week.

With these developments, customers are able to enjoy the many conveniences and lower costs offered by these innovations. However, it can be seen that the poor and low-income segment is still underserved or does not fully enjoy the benefits of such innovations. For example, ATMs have a nationwide presence but are concentrated in urban areas, which are not easily accessible to those residing in the countryside. In addition, ATMs require a bank-issued ATM card. The banks that typically issue ATM cards are the larger banks, with which poor and low-income individuals do not transact.

The smaller banks, such as rural banks, do not yet have ATM networks as vast as those of the bigger banks. Another example is internet banking services, which have significantly increased convenience for clients, as they are able to perform certain transactions without leaving their home or workplace.

However, this service is available only to those who have internet connection or are, at the very least, computer literate. In the same manner as ATM services, the poor and low-income clients will not be able to fully enjoy the benefits of this service.

These unique e-banking characteristics include:

⇒ Speed of technological change,

⇒ Changing customer expectations,

⇒ Increased visibility of publicly accessible networks (e.g., the Internet),

⇒ Less face-to-face interaction with financial institution customers,

⇒ Need to integrate e-banking with the institution’s legacy computer systems,

⇒ Dependence on third parties for necessary technical expertise,

⇒ Proliferation of threats and vulnerabilities in publicly accessible networks.

The Risks

Without a doubt, technological growth has considerably affected the risk profile of banks and of financial institutions more generally. Some of these risks have increased, while others, on the contrary, may decrease. In any case, the growth of electronic banking has created a new basis for the degree of exposure to risk, and consequently the need not only for a differentiated regulatory framework but also for monitoring mechanisms, which have already begun to take shape within the Basle Committee on Banking Supervision. The degree of exposure to the risks related to electronic banking depends mainly on the degree to which new alternative electronic means of distributing services and products are adopted.

The business risk is the risk of not being able to achieve business targets because of inappropriate strategies, inadequate resources or changes in the economic or competitive environment. It concerns the credit institution's ability to achieve its operational objectives by exploiting the opportunities available in the market. The big changes in the banking sector and the adoption of fast-evolving technology also change the traditional strategic risks. A bank that rushes to adopt new technologies in order to be a pioneer risks losing its investment, as information systems lose their value in a very short time. Moreover, there is the risk of extensive investment in particular products or services that end users will not accept. On the other hand, if the bank maintains a more conservative attitude, it risks coming last in an environment where the competition is moving fast and strengthening its place in the market. Internet banking may soon change from a complementary channel into the main provider of financial services and products. Consequently, a bank's failure on entering this sector can have various consequences for its future position in the market, especially given the competition from banks that are built entirely on i-banking and have no physical presence (virtual banks). Finally, the consequences for a bank's strategy of the cross-country activities it undertakes should be evaluated, taking into consideration that the nature of the internet is to encourage the expansion of banks into new markets abroad.

Accordingly, the bank’s strategy should be readjusted globally so that it meets the new challenges and opportunities that will take shape in the new technological environment, with the final objective of acquiring a leading place in the sector of electronic banking.

Transactional/Operational risk

It is defined as the risk of loss resulting from actions, processes, infrastructure, technology or other factors that have an operational effect, including fraudulent activity. The Basle Committee on Banking Supervision defines operational risk as the risk of damage arising either from insufficient or inadequate internal processes and systems, or from the human factor, or from other external causes. Operational risk differs from the traditional banking risks in that it does not come from the effort to achieve profit but is an innate characteristic of banking activity. It is the risk of damage owed to insufficient or unsuccessful processes (insufficiencies of systems and internal inspection), to individuals (human faults, failures of administration), to systems (damage to or insufficiency of computer systems) or to external incidents (e.g. natural disasters, fires, legislative changes, legal requirements, etc.). Operational risks are directly related to the poor operation of information systems, of reporting processes and of the internal rules applied to the management of potential risk. They are present in all the products, activities, processes and systems of the bank, and all of its departments and services are involved. Operational risk can arise at any time and cause anything from negligible damage (e.g. damage to a photocopier) to very serious damage, and could even lead to bankruptcy. It is a field of risk that both banks and enterprises in general have not managed to handle effectively in an organised way. The human factor constitutes one of the biggest operational risks that banks face. The reasons that can lead an employee, deliberately or not, to cause such damage are lack of skills, insufficient training or fraud.

The improvement of information technology, and the banks' use of high technology to automate all manual procedures, in combination with the high interdependence of financial systems, brings the possibility of transforming risks related to human error into risks of system malfunction. Operational risks are also related to the security of transactions, which depends on the handling and structure of the electronic systems that provide the financial services, on the integrity and proper management of records, and on the entrusting of electronic banking services to third parties. This is perhaps the most important problem directly connected with electronic banking that banking organizations are called on to face. The loss that the world's financial systems suffer from offences against information systems is worrying. Risks caused by insufficient controls over certification and over the authenticity of counterparties are likely to result in successful access to and falsification of data through attacks by malicious intruders (hackers). The consequences of these attacks vary with the intentions of those who carry them out, that is, whether they simply wish to get past the system’s security or whether their objective is commercial sabotage or spying. They try to access customers’ data or even the bank's data. Frequently they rely on technical weaknesses of the systems. However, as has already been mentioned, the greatest risks stem from the human factor. Research carried out by security experts proves that in most cases of attack the intruders had the voluntary or involuntary help of somebody who worked in the bank (Lemonakis 2005). At the design stage, the problem lies in software that exhibits periodic or permanent malfunctions. During the operation of the system, a problem can arise from the loss of telecommunications connections, from overloading or from an interruption of the electricity supply.

The last category of operational risk related to the security of transactions is owed to factors outside the bank's information systems and its personnel. Banks find it particularly attractive to entrust the running of electronic banking to an external supplier of such applications. In this way they avoid building a software package and the essential infrastructure themselves, which means reduced cost and rapid adoption of e-banking. Unfortunately, part or even all of the control is transferred from the bank to the external supplier, along with risks that the bank cannot control. The problem becomes even bigger when the external administrator does not have the experience needed, or is a relatively new company that is unaware of banking risks.

Security risk

The Internet is a public network of computers which facilitates the flow of data and information and to which there is unrestricted access. Banks using this medium for financial transactions must, therefore, have proper technology and systems in place to build a secured environment for such transactions.

Security risk arises on account of unauthorized access to a bank’s critical information stores such as the accounting system, risk management system, portfolio management system, etc. A breach of security could result in direct financial loss to the bank. For example, hackers operating via the Internet could access, retrieve and use confidential customer information and could also implant a virus. This may result in loss of data, theft of or tampering with customer information, disabling of a significant portion of the bank’s internal computer system (thus denying service), the cost of repairing these, etc. Other related risks are loss of reputation, infringement of customers’ privacy and its legal implications, etc. Thus, access control is of paramount importance. Controlling access to banks’ systems has become more complex in the Internet environment, which is a public domain, and attempts at unauthorized access could emanate from any source, anywhere in the world, with or without criminal intent. Attackers could be hackers, unscrupulous vendors, disgruntled employees or even pure thrill seekers. Also, in a networked environment security is limited by its weakest link. It is therefore necessary that banks critically assess all interrelated systems and have access control measures in place in each of them.

In addition to external attacks banks are exposed to security risk from internal sources e.g. employee fraud. Employees being familiar with different systems and their weaknesses become potential security threats in a loosely controlled environment. They can manage to acquire the authentication data in order to access the customer accounts causing losses to the bank.

Unless specifically protected, all data / information transfer over the Internet can be monitored or read by unauthorized persons. There are programs such as ‘sniffers’ which can be set up at web servers or other critical locations to collect data like account numbers, passwords, account and credit card numbers. Data privacy and confidentiality issues are relevant even when data is not being transferred over the net.

Data residing in web servers or even banks’ internal systems are susceptible to corruption if not properly isolated through firewalls from Internet.

The risk of unauthorized data alteration, whether intentional or unintentional, is real in a networked environment, both when data is being transmitted and when it is stored. Proper access control and technological tools to ensure data integrity are of utmost importance to banks. Another important aspect is whether systems are in place to quickly detect any such alteration and raise an alert.
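One way to detect alteration of stored records, as an added example that is not part of the original report: each transaction record carries a keyed MAC chained to the previous record's tag, so an edit, a deletion or a truncation is located at verification time. The key, the record fields and the function names are assumptions made for the illustration, and the sample transactions are constructed.

```python
import hashlib
import hmac
import json

# Assumption: in a real deployment this key is held in an HSM or key-management
# service that people with write access to the record store cannot read.
LEDGER_KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # fixed starting value for the chain

# Constructed sample data, not taken from the report.
SAMPLE_TRANSACTIONS = [
    {"id": 1, "account": "ACC-1001", "amount": "2500.00", "type": "credit"},
    {"id": 2, "account": "ACC-1001", "amount": "120.50", "type": "debit"},
    {"id": 3, "account": "ACC-2040", "amount": "9000.00", "type": "credit"},
    {"id": 4, "account": "ACC-1001", "amount": "75.25", "type": "debit"},
]


def chain_tag(prev_tag, record, key):
    """HMAC-SHA256 over the previous tag plus a canonical encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + b"|" + body, hashlib.sha256).hexdigest()


def append_record(ledger, record, key=LEDGER_KEY):
    """Append a record and return the new head tag (store it separately)."""
    prev = ledger[-1]["tag"] if ledger else GENESIS
    ledger.append({"record": dict(record), "tag": chain_tag(prev, record, key)})
    return ledger[-1]["tag"]


def first_altered(ledger, key=LEDGER_KEY, expected_head=None):
    """Return the index of the first entry that fails verification.

    Returns None when the ledger is intact. If expected_head (the last tag,
    kept outside the store) is given and does not match, entries were removed
    from the end and len(ledger) is returned.
    """
    prev = GENESIS
    for index, entry in enumerate(ledger):
        expected = chain_tag(prev, entry["record"], key)
        if not hmac.compare_digest(expected.encode(), str(entry["tag"]).encode()):
            return index
        prev = entry["tag"]
    if expected_head is not None and not hmac.compare_digest(
        prev.encode(), expected_head.encode()
    ):
        return len(ledger)
    return None


def build_sample_ledger():
    ledger = []
    for record in SAMPLE_TRANSACTIONS:
        append_record(ledger, record)
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    head = ledger[-1]["tag"]
    print("intact:", first_altered(ledger, expected_head=head))

    ledger[1]["record"]["amount"] = "1.00"  # stored value changed after the fact
    print("after edit, first bad index:", first_altered(ledger, expected_head=head))
```

A shared-key MAC detects alteration but cannot prove to a third party which side produced a record; that property needs a digital signature.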

Identity of the person making a request for a service or a transaction as a customer is crucial to legal validity of a transaction and is a source of risk to a bank. A computer connected to Internet is identified by its IP (Internet Protocol) address. There are methods available to masquerade one computer as another, commonly known as ‘IP Spoofing’. Likewise user identity can be misrepresented. Hence, authentication control is an essential security step in any e-banking system.

Non-repudiation involves creating a proof of communication between two parties, say the bank and its customer, which neither can deny later. Banks’ system must be technologically equipped to handle these aspects which are potential sources of risk.


System Architecture and Design

Appropriate system architecture and control is an important factor in managing various kinds of operational and security risks. Banks face the risk of a wrong choice of technology, improper system design and inadequate control processes. For example, if access to a system is based only on an IP address, any user can gain access by masquerading as a legitimate user by spoofing the IP address of a genuine user. Numerous protocols are used for communication across the Internet. Each protocol is designed for specific types of data transfer. A system allowing communication with all protocols, say HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), telnet etc., is more prone to attack than one designed to permit, say, only HTTP.
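The IP-only access design described above, beside a check that authenticates each request with a per-client key, as an added example that is not part of the original report. The client identifier, key, addresses and request fields are constructed for the illustration; the signed check also rejects stale and replayed requests.

```python
import hashlib
import hmac

TRUSTED_IPS = {"203.0.113.10"}  # constructed address (documentation range)
CLIENT_KEYS = {"branch-017": b"constructed-demo-secret"}  # hypothetical client
MAX_SKEW_SECONDS = 300
NOW = 1_700_000_000  # fixed clock value so the example is deterministic


def authorize_by_ip(request):
    """Weak design from the text: the claimed source address is the only credential."""
    return request["source_ip"] in TRUSTED_IPS


def sign_request(client_id, key, method, path, body, timestamp, nonce):
    """HMAC-SHA256 over every field that must not change in transit."""
    fields = [client_id, method, path,
              hashlib.sha256(body).hexdigest(), str(timestamp), nonce]
    return hmac.new(key, "\n".join(fields).encode(), hashlib.sha256).hexdigest()


class RequestAuthenticator:
    """Accepts a request only if it proves knowledge of the client's key."""

    def __init__(self, keys, max_skew=MAX_SKEW_SECONDS):
        self.keys = keys
        self.max_skew = max_skew
        self.seen = {}  # (client_id, nonce) -> timestamp of accepted request

    def authorize(self, request, now):
        client_id = request.get("client_id", "")
        key = self.keys.get(client_id)
        if key is None:
            return (False, "unknown client")
        ts = request.get("timestamp")
        if not isinstance(ts, int) or abs(now - ts) > self.max_skew:
            return (False, "stale or missing timestamp")
        nonce = str(request.get("nonce", ""))
        expected = sign_request(client_id, key, request["method"],
                                request["path"], request["body"], ts, nonce)
        supplied = str(request.get("signature", ""))
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return (False, "bad signature")
        # Nonces older than the skew window can be dropped: a request that old
        # is already rejected by the timestamp check.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.max_skew}
        if (client_id, nonce) in self.seen:
            return (False, "replayed nonce")
        self.seen[(client_id, nonce)] = ts
        return (True, "ok")


def make_request(source_ip, client_id, key, timestamp, nonce,
                 body=b'{"to":"ACC-2","amount":"100.00"}'):
    """Build a constructed sample request; key=None models a sender without the key."""
    request = {"source_ip": source_ip, "client_id": client_id, "method": "POST",
               "path": "/transfer", "body": body,
               "timestamp": timestamp, "nonce": nonce}
    request["signature"] = (
        sign_request(client_id, key, "POST", "/transfer", body, timestamp, nonce)
        if key else ""
    )
    return request


if __name__ == "__main__":
    auth = RequestAuthenticator(CLIENT_KEYS)
    key = CLIENT_KEYS["branch-017"]
    genuine = make_request("198.51.100.7", "branch-017", key, NOW, "n-1")
    claimed = make_request("203.0.113.10", "branch-017", None, NOW, "n-2")
    for name, req in (("genuine", genuine), ("address only", claimed)):
        print(name, "| ip check:", authorize_by_ip(req),
              "| signed check:", auth.authorize(req, NOW))
```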

Choice of appropriate technology is a potential risk banks face. Technology which is outdated, not scalable or not proven could land the bank in investment loss, a vulnerable system and inefficient service with attendant operational and security risks and also risk of loss of business.

Many banks rely on outside service providers to implement, operate and maintain their e-banking systems. Although this may be necessary when banks do not have the requisite expertise, it adds to the operational risk. The service provider gains access to all critical business information and technical systems of the bank, thus making the system vulnerable. In such a scenario, the choice of vendor, the contractual arrangement for providing the service, etc., become critical components of banks’ security. Banks should educate their own staff, and over-dependence on these vendors should be avoided as far as possible.

Failing to update the bank’s systems in keeping with rapidly changing technology increases operational risk because it leaves holes in the security system of the bank. Also, staff may fail to understand fully the nature of the new technology employed. Further, if updating is left entirely to the customers’ end, it may not be done as required by the bank. Thus education of the staff as well as of users plays an important role in avoiding operational risk.

Approaches to reduce security related operational risk are discussed in detail in Chapter-6. These include access control, use of firewalls, cryptographic techniques, public key encryption, digital signature etc.


Reputational risk

Reputational risk is the risk of getting significant negative public opinion, which may result in a critical loss of funding or customers. Such risks arise from actions which cause major loss of the public confidence in the banks' ability to perform critical functions or impair bank-customer relationship. It may be due to banks’ own action or due to third party action.

The main reasons for this risk may be a system or product not working to the expectations of customers, significant system deficiencies, a significant security breach (due to either internal or external attack), inadequate information to customers about product use and problem resolution procedures, and significant problems with communication networks that impair customers’ access to their funds or account information, especially if there are no alternative means of account access. Such a situation may cause customers to discontinue use of the product or the service. Directly affected customers may leave the bank, and others may follow if the problem is publicized.

Other reasons include losses at a similar institution offering the same type of services, causing customers to view other banks with suspicion as well, and targeted attacks on a bank, such as a hacker spreading inaccurate information about bank products or a virus disturbing the bank’s system and causing system and data integrity problems.

Possible measures to avoid this risk are to test the system before implementation, backup facilities, contingency plans including plans to address customer problems during system disruptions, deploying virus checking, deployment of ethical hackers for plugging the loopholes and other security measures.

It is significant not only for a single bank but also for the system as a whole. Under extreme circumstances, such a situation might lead to systemic disruptions in the banking system as a whole. Thus the role of the regulator becomes even more important as not even a single bank can be allowed to fail.

An institution’s decision to offer e-banking services, especially the more complex transactional services, significantly increases its level of reputation risk. Some of the ways in which e-banking can influence an institution’s reputation include:

⇒ Loss of trust due to unauthorized activity on customer accounts,

⇒ Disclosure or theft of confidential customer information to unauthorized parties (e.g., hackers),

⇒ Failure to deliver on marketing claims,

⇒ Failure to provide reliable service due to the frequency or duration of service disruptions,

⇒ Customer complaints about the difficulty in using e-banking services and the inability of the institution’s help desk to resolve problems, and

⇒ Confusion between services provided by the financial institution and services provided by other businesses linked from the website.

Legal risk

Legal risk is the risk of non-compliance with legal or regulatory requirements. A large part of the legal framework is general and applies to all enterprises; in certain cases, however, there is a legislative framework covering specific services. The individual regulations are specific and are published by the regulatory bodies with legal competence for the particular sector. Legal risks are directly related to electronic banking and increase as its use is extended. They stem mainly from the uncertainty in the legal and regulatory framework concerning electronic banking. In most countries an explicit regulatory framework does not exist, owing to the limited experience with electronic banking. The problem becomes even bigger when a bank also offers its electronic services in other countries, since there is no unified legal framework at international level. Each country puts its own rules into effect, and it is difficult for a bank to adapt its services constantly and to be acquainted with all the laws in force in every country.

There is also a big problem with the validity of transactions and the certification of users by electronic means. Until now, the only way of identifying a person on a document was his own signature, and the certification of a document was based on its physical existence. The development of technology and the applications of electronic banking have changed this. Both documents and signatures are now digital, that is to say virtual. The legislative framework of many countries, however, does not provide for this. In the European Union, Directive 1999/93/EC has, since 1999, laid the basis for a regulatory framework for electronic signatures. The Directive was adopted by all the member countries, and in Greece Presidential Decree 150/2000 harmonised Greek law with Community law (Arhontakis, 1999).

Another legal risk relates to the protection of customers’ personal data. Misuse by bank personnel or by malicious external intruders can expose a bank to serious legal risks. Intruders may gain access to the banks' databases and use customers' data in order to commit fraud. In this case a legal risk is created by the improper or unauthorised use of customers’ data. The legal risks to which financial institutions are exposed through electronic banking are expected to increase because of the uncertainty that characterises the wider legal framework and the specific legal regulation of transactions over an open electronic network such as the internet. Uncertainty over the validity of transactions, the protection of personal data, the consumer’s involuntary exposure to foreign jurisdiction, tax evasion, money laundering, electronic fraud and legal responsibility when a system collapses all increase the exposure to legal and regulatory risks. Supranational organizations, specialised institutions and even the financial institutions themselves can help to determine and limit the legal risks that the use of an open electronic network such as the internet entails. Within the European Union, a regulatory framework has been developed that deals with questions such as electronic (digital) signatures and the distance provision of financial services, as well as the Directive on electronic commerce. At OECD level, too, many efforts have been made to regulate issues such as the counterfeiting and laundering of electronic money, as particular aspects of the effort to prevent economic crime. But the financial institutions themselves can also help to restrict legal risks, specifically those involving issues of pressing interest to consumers (protection in the management of personal data, the distribution of legal responsibility between bank and consumer in case of system failure, etc.).

As electronic commerce expands, and to the extent that financial institutions try to attract consumer credit with new products and services, banks should take on some role in systems of electronic certification by using digital certificates. Financial institutions can undertake the responsibility of certification themselves or collaborate with specialised suppliers, ensuring, in the latter case, explicit contractual terms concerning the rights and obligations of both parties. Legal risk arises from violation of, or non-conformance with, laws, rules, regulations or prescribed practices, or when the legal rights and obligations of parties to a transaction are not well established.

Given the relatively new nature of Internet banking, rights and obligations in some cases are uncertain and applicability of laws and rules is uncertain or ambiguous, thus causing legal risk.

Other reasons for legal risks are uncertainty about the validity of some agreements formed via electronic media and law regarding customer disclosures and privacy protection. A customer inadequately informed about his rights and obligations, may not take proper precautions in using Internet banking products or services, leading to disputed transactions, unwanted suits against the bank or other regulatory sanctions.


In their enthusiasm to enhance customer service, banks may also link their Internet site to other sites. This may cause legal risk. Further, a hacker may use the linked site to defraud a bank customer.

If banks are allowed to play a role in authentication systems, such as acting as a Certification Authority, this will bring additional risks. A digital certificate is intended to ensure that a given signature is, in fact, generated by a given signer. Because of this, the certifying bank may become liable for the financial losses incurred by the party relying on the digital certificate.

The systemic risk

It is the risk that a small incident will cause unexpected consequences in local, regional or international systems that are not directly connected with the source of the disturbance. Systemic risk may affect a small or large number of companies in the same sector, or concern one single company exclusively. The banks' rapid adoption of information technology, and its negative aspects, are very likely to increase systemic risk. The concentration of problems that will probably arise might lead to negative chain reactions from bank to bank or even from country to country, provided that the volume of cross-border transactions through the internet has increased to such a degree that it can influence the international financial system. Systemic risk can increase because many participants in a particular market may use the same or similar software or equipment to deal with the same problems. Because of their widespread application, risk management models may themselves create risks where weaknesses and deficiencies emerge in periods of extreme market conditions. Dependence on external collaborators or suppliers may lead to the concentration of certain administrative system operations, so that the burden of ensuring the proper operation of the electronic system of financial services falls on a few specialised suppliers, or even on a single one on whom all the financial institutions depend. Finally, herd behaviour by consumers can become worse, increasing market activity or depriving the market of liquidity, since information is diffused ever faster and investment decisions are taken with unusual speed.


Money Laundering

Money laundering is the practice of engaging in financial transactions in order to conceal the identity, source, and/or destination of money, and is a main operation of the underground economy. Money laundering is so called because that perfectly describes what takes place: illegal, or dirty, money is put through a cycle of transactions, or washed, so that it comes out the other end as legal, or clean, money. In other words, the source of illegally obtained funds is obscured through a succession of transfers and deals so that those same funds can eventually be made to appear as legitimate income. Every financial institution is charged with the responsibility of developing policies and procedures to combat money laundering, which includes the duty to be aware of trends and adaptations in the methods by which money laundering is carried out. The most difficult aspect of this responsibility is a financial organization’s ability to anticipate new criminal behaviour and to proactively implement protocols before the criminal behaviour occurs.

Money laundering risk

1. As Internet banking transactions are conducted remotely, banks may find it difficult to apply traditional methods for detecting and preventing undesirable criminal activities. Application of money laundering rules may also be inappropriate for some forms of electronic payments. Thus banks expose themselves to the money laundering risk. This may result in legal sanctions for non-compliance with “know your customer” laws.

2. To avoid this, banks need to design proper customer identification and screening techniques, develop audit trails, conduct periodic compliance reviews, and frame policies and procedures to spot and report suspicious activities in Internet transactions.

Action Steps and Best Practices

Review Policies and Procedures

⇒ Determine whether your policies address emerging forms of payment Methods, higher risk commercial transactions, and new lines of business or products.

⇒ Determine whether your current or projected product lines warrant Implementation of new policies.

Compare and Strengthen

⇒ Reinforce your current policies using directives and guidance by your Federal Regulatory Organization to fill in the gaps or shore up weak Spots.

Page 14: Risk in E-Banking (PDF)

⇒ Review new AML examination procedures to determine deficits within Your own policies.

Determine Breadth

⇒ Assess your current CIP procedures to verify its application across the spectrum of your product lines.

⇒ Understand that new product lines, while not yet formally or fully regulated, may still fall within catch-all provisions of the regulations.

Monitor

⇒ Continually review processes such as Internet identity verification to assure that non-traditional application procedures meet minimum requirements.

⇒ Review the actions of unofficial employees, such as agents that may carry the burden of implementing policy without the risk of failure to implement.

Document and Retain

⇒ Maintain records of executive and procedural decisions determining risk and applicability of program implementation, particularly when a decision is made not to implement new policies or change existing procedures.

Strategic Risk

A financial institution’s board and management should understand the risks associated with e-banking services and evaluate the resulting risk management costs against the potential return on investment prior to offering e-banking services. Poor e-banking planning and investment decisions can increase a financial institution’s strategic risk. Early adopters of new e-banking services can establish themselves as innovators who anticipate the needs of their customers, but may do so by incurring higher costs and increased complexity in their operations. Conversely, late adopters may be able to avoid the higher expense and added complexity, but do so at the risk of not meeting customer demand for additional products and services. In managing the strategic risk associated with e-banking services, financial institutions should develop clearly defined e-banking objectives by which the institution can evaluate the success of its e-banking strategy. In particular, financial institutions should pay attention to the following:

⇒ Adequacy of management information systems (MIS) to track e-banking usage and profitability;

⇒ Costs involved in monitoring e-banking activities or costs involved in overseeing e-banking vendors and technology service providers;

⇒ Design, delivery, and pricing of services adequate to generate sufficient customer demand;

⇒ Retention of electronic loan agreements and other electronic contracts in a format that will be admissible and enforceable in litigation;

⇒ Costs and availability of staff to provide technical support for interchanges involving multiple operating systems, web browsers, and communication devices;

⇒ Competition from other e-banking providers;

⇒ Adequacy of technical, operational, compliance, or marketing support for e-banking products and services.

Strategic Risk

On strategic risk, e-banking is relatively new and, as a result, there can be a lack of understanding among senior management about its potential and implications. People with technological, but not banking, skills can end up driving the initiatives. E-initiatives can spring up in an incoherent and piecemeal manner in firms. They can be expensive and can fail to recoup their cost. Furthermore, they are often positioned as loss leaders (to capture market share), but may not attract the types of customers that banks want or expect and may have unexpected implications for existing business lines.

Banks should respond to these risks by having a clear strategy driven from the top and should ensure that this strategy takes account of the effects of e-banking, wherever relevant. Such a strategy should be clearly disseminated across the business, and supported by a clear business plan with an effective means of monitoring performance against it.

Strategic and business risk. Senior management needs to be firmly in charge of the direct effects of their Internet strategies, and of the potential indirect effects on the underlying profitability of their business. There is a risk that people with strong technological, but weak banking, skills can end up driving e-initiatives. One consequence may be that these initiatives do not attract the types of customers that banks want or expect, and may have unexpected implications for existing business lines. Banks may face new competition too. E-banks are easy to set up, so lots of new entrants are arriving on the scene, and these new entrants are not encumbered by old-world systems, cultures and structures.

Conclusion

In conclusion, e-banking creates issues for banks and regulators alike. For our part we will continue our work, both nationally and internationally, to identify and remove any unnecessary barriers to e-banking. For their part, banks should:

⇒ Have a clear and widely disseminated strategy that is driven from the top and takes into account the effects of e-banking, together with an effective process for measuring performance against it.

⇒ Take into account the effect that e-provision will have upon their business risk exposures and manage these accordingly.

⇒ Undertake market research, adopt systems with adequate capacity and scalability, undertake proportional advertising campaigns and ensure that they have adequate staff coverage and a suitable business continuity plan.

⇒ Ensure they have adequate management information in a clear and comprehensible format.

⇒ Take a strategic and proactive approach to information security, maintaining adequate staff expertise, building in best practice controls and testing and updating these as the market develops. Make active use of system-based security management and monitoring tools. Ensure that crisis management processes are able to cope with Internet-related incidents.

As the group's final conclusion, e-banking has its own advantages and disadvantages. The main advantage of implementing e-banking is an increase in customer satisfaction. This is because customers do not have to go to the branches in order to access their accounts or make withdrawals and deposits. They can also check their accounts at any time of the day, a feature that physical branches do not offer, thus creating a good relationship between the bank and the customer.

E-banking is advantageous not only for the customer but also for the bank, because it reduces the costs of setting up a branch and the resources needed to process transactions. Banks can also serve more people than ever before. All these benefits are the reasons why many banks are already investing in e-banking.

The main disadvantage of e-banking is the security problems that surround it. It's a fact that making transactions online poses a much bigger risk compared to making transactions in a physical branch. This is due to hacking problems and identity theft. In addition to these risks, technical difficulties could also arise. Sometimes the bank's website goes down, and if this happens it will be a hassle for the customer because he/she has to go to a branch or make phone calls, and the phone lines are usually busy due to other customers also calling. Another case that has happened was an unpredicted rise in customers that the servers of the bank were not able to cope with. A customer may also run into bad service. Sometimes you might wait a while for your checks to clear, and you certainly can't do anything about it if it is online.