डिजिटल बैंकिंग जोखिम को कैसे संबोधित करें

Banks had attracted several customers to their digital platforms in the last half of the century, even before the pandemic. However, concerns and hesitation from customers regarding risks in digital banking were obstructing this transformational journey. COVID-19 accelerated the adoption of Digitech. Digital banking products and services are now flourishing both in payment and lending domain. On one hand, we see openness to adoption, on the other hand, with increasing growth, increase in various systems and technology risk comes into play. Keeping these concerns in view, we will discuss common risk in bank’s digital domain and actions taken by banks to mitigate these risks underpinning customers’ confidence. Let us take you through the risk and its management practices followed by banks in digital banking procedures.

What Are the Major Types of Banking Risks?

Before we go any further, let us understand what threatens digital banking? Banking risks in the digital space can be classified into two categories, data security risk and cyber security risk. Cyber security and data security are closely linked as both protect against information breaches. For a better understanding we can say that cyber security protects data from outside invasion. Safe banking cyberspace is protected from cyber-attacks that encompass cybercrimes and fraud. Professionals monitor the digital space to take immediate action against active threats and Advanced Persistent Threats (APT). Data security involves protecting the information provided by the customer, such as the date of birth or KYC details, from being accessed, modified or removed by unauthorized users. Security measures strengthen confidentiality and integrity through digital risk management. To understand let us see the major types of risks that banks are likely to encounter.

Payment Risk: Digital space payment methods like NEFT, RTGS, UPI, and Wallet payments are the popular modes of payment. The booming success of payment service providers (PSPs) has increased the risk of digital payment crimes. Weaknesses in regulations from many electronic payment platforms are a continuous concern for regulators. We take you through various digital payment modes and the risks and concerns involved with them.

NEFT: National Electronic Funds Transfer (NEFT) is a centralised Reserve Bank of India (RBI) owned and operated nationwide digital payment system. This allows round-the-clock payment securely to the beneficiary. The system operates on layers of verification. Banks urge NEFT transactions through banking websites or use sites with https. Avoid banking on free networks.

RTGS: Real-Time Gross Settlement is Reserve Bank of India (RBI) owned. This is a low-risk settlement of instant payment transfer dealing with high-value minimal-risk transactions.

UPI: Unified Payments Interface enables peer-to-peer and person-to-merchant transactions. Frauds accounted for 35.4 per cent while total cybercrime complaints stood at 2.37 lakh in Q1 & Q2 of 2022. (Report by Indian Cyber Crime Coordination Centre https://bit.ly/3EBbdAh). Different types of UPI scams involve phishing scams, unverified links, remote screen monitoring, deceptive UPI handles, fake calls, money mule, sim cloning, and malware.

E-Wallets: These are safe payment modes, but they are vulnerable to cyber theft if you lose your phone, or your phone gets stolen and does not have lock protection. These wallets do not offer insurance to users. If you are using unsecured public networks to initiate payment you invite hackers to steal your data. Download reliable digital wallets only.

Lending Risk: Digital inclusion in the lending platform has given impetus to digital lending from non-financial, non-regulated services increasing mis-selling digital loans especially consumer and instant loans. Neo banks are at greater risk as opposed to their traditional counterparts, as they are prone to higher risk-taking in their security portfolio. Fintech loans follow an aggressive growth strategy.

Operational Risk: Operational risk is related to people, processes, systems and procedures and external frauds. The risk stems from internal deficiencies within the system that compromise its reliability and integrity. Electronic banking systems supported by electronic money systems are vulnerable to security, system, design, implementation and maintenance and inadequate designs.

• Security risk arises when controls of a bank’s critical accounting and risk management systems are threatened by hackers accessing, retrieving, and using confidential information of customers. Third parties accessing the bank's computer can inject viruses into the system.
• Employee fraud is another source of operational risk. Employees can acquire customer data or steal stored vault cards. Error from employees can compromise the bank's system.
• Counterfeiting electronic money escapes the bank’s vigilance leading to operational risks.
• Banks facing interruptions or slowdowns in existing systems from the absence of compatible requirements need outside service providers. These experts support potions of the banking activities and banks allow outsourcing for activities they cannot provide on their own exposing themselves to operational risks.
• The rapid pace at which technology is changing is a risk for banks, as channels offer updates, which if monitored by malicious individuals can break through the banking security shield.
• Fast-changing technology is a challenge to banking employees as the innovative technology may take time for the employee to comprehend resulting in operational errors.
• Risk is posed when customers do not follow banking instructions.
• Customers enter personal information in non-secure electronic transmission allowing criminals to gain access to their accounts.

Reputational Risk: Banks inculcate corporate values and commitment to the internal banking structure with clear segregation and responsibilities. Taking special and immediate measures towards risk management, the customer trust is not allowed to slip. Operational risks attract fear of reputational risks seeding distrust in customers. Therefore, built in robust systems banking operations that can handle digital operations effectively and are customer friendly. This establishes and prioritizes organizational culture, ensuring complete adherence to risk management in banking. Customers stay tied to a bank as they trust the system. Reputational risk in banks is an outcome of poor services, fraud, and corruption. Customers’ loss of confidence in a bank can lead to loss of business, increase liquidity concerns and in extreme scenarios may lead to even bank run. Reputed banks do not allow such a situation to arise.

Legal Risk: If banks do not adhere to operational safety norms and fail to maintain their reputation, legal risk in banking is a natural outfall. Non-Adherence to compliance of regulatory guidelines/ policies by statutory authorities governing bank like RBI, introduction of a new product/process without proper testing, not having a proper Risk Mitigation Plan (RMP) / Monitorable Action Plan (MAP) for its products and processes can lead to Legal Risks for banks. Banks sometimes even must face penalties for such violations.

Strategic Risk in Banking: Banking risk is exacerbated by the poor layout of a strategy directed mostly towards prevention, with little or no attention to anticipated risks. Reputed banks, therefore, recognise the impact and power of strategy, formalising the banking process to alleviate strategic risks in banking. As discussed earlier, banking operations are regulated by a board of directors and senior management who establish a framework, taking into view fundamental and evolving transformation in financial services and integrating risk management strategies in banking operations. A special risk lens is applied in areas such as product development, sales and culture, and regular internal audits to control the internal framework to help identify oversights. Using strategic tools that monitor risk management in layers, control technologically driven internal models, lessening risk possibilities.

What Are the Key Trends in Risk Management?

When we talk of the key trends in digital banking that may pose risks to the banking structure, we must understand just like other risk factors these could be hidden and may not appear in plain sight of the bank employee. Reputed bank employees are trained to take an intuitive approach to every aspect of their organisational operations to spot any signs of risk, threatening customer interest or the bank’s reputation.

Changing financial ecosystem: As banks rely more on digital technology, customer data is their greatest asset. Most reputed banks take firm measures in scanning, regulating, and monitoring their hosting system. However, with third-party payment options, banks must identify these suppliers, and know how much customer data they have.

Automated operations: Digitalization of process has reduced the degree of errors caused by humans earlier. With the digital first concept, other risk related to systems arises and banks management must be vigil about the ever-changing digital methodologies which gives rise to new risks frequently.

Rising demand of customer expectations: With advancing technologies and various products being tailored as per customer demands, online new risk portfolios can arise for some banks, where other financial institutes may use a product without testing. Therefore, proper testing processes and stricter system check to avoid any revenue leakage should be a part of defined policies and processes of the bank.

Still getting used to new technologies: New banking technologies are rapidly emerging every day, and so are tampering mechanisms. Data infrastructure proves to be a mine of information, and internally more goes into analysis than management.

Creating a Digital Risk Function to Address Banking Risks

As banks embrace new technologies, the risk posed by these technologies goes side by side. The RBIs Risk Based Supervision (RBS) model is addressing emerging challenges with efficient governance and a risk management culture that deals with emerging technologies.

Automating risk management and compliance activities

Situations like the pandemic showed how banking and financial institutes can crumble, having to deal with non-performing loans. Banks should therefore set up agile risk backend profiles that recalibrate and tide over these situations. Banks and other financial institutes need to submit granular data to regulations; they should be able to handle high-volume data with low latency and standardisation in maintaining data integrity. Digital adoption on a large scale is creating avenues for financial frauds. Advanced techniques, like biometrics, and pattern recognition, and AI-enabled predictive modelling for fraud detection can address banking risks. An increase in processes like KYC to protect against breaches of personally identifiable information (PII) should be applied to prevent security and financial risks to institutes.

Accurately measuring and mitigating risks

Banks should study their overall operating model and incorporate risk management measures that correspond with the risk appetite of the bank.

• The banks should evaluate both traditional and emerging risks and frame policies around the findings to measure and mitigate them.
• Defining clear Standard operating Procedures (SOPs) that include fallback mechanisms
• Service level agreements (SLAs) with clearly assigned roles and responsibilities
• Validation of risk reports by relevant recipients within a timeframe
• Reporting exception identified during the reviewing process
• Maintaining transparency

Creating risk data models complying with master data management (MDM)

Developing comprehensive uniform, consistent and accountable references can reduce risk latency. This could include

• Risk monitoring and credit underwriting
• Making risk-based supervision compulsory with quantitative data points
• Related analytics can identify risks through early warnings systems
• Basel disclosures

Employee adherence to risk principles

Banks should have clearly defined risk management policies for data governance and strictly follow regulatory compliance. Setting up a data risk governance council that chiefly focuses on the management, availability, use and integration of high-risk data.

• Data guidelines should be applied assigning access to data based on the user group making data privacy an important consideration when allowing data access and ownership to users.
• Data management authorities should oversee the entire process of data management.

What Are the Challenges for the Digital Transformation of Risk Function?

The changing work environment in banking, balancing traditional banking with digital banking across the internet and branches, pose challenges for banks. Banks are under a great deal of pressure now dealing with the digital transformation challenges of automating banking with digital-first initiatives alongside brick-and-mortar onsite banking. Legacy banks are built on strong governance that helps them make a seamless digital transformation journey. Let us look at the challenges that financial institutes are likely to encounter.

Managing data: With the overwhelming flow of data covering transactions, sales, marketing and more, the security risk of banks is set to increase. Banks should upgrade their data governance systems and channel them into organised silos enabling complete assessment.

Third-party access: Cyber security in digital space faces an immense challenge with open banking, as third-party APIs have now access to financial services.

Hesitancy in corporate mindsets: When digital banking is in the phase of its rapid growth, cyber security is of the utmost concern in banking operations. For internal employees to embrace this change there is a need to show agility in adopting tools and techniques for risk management.

Innovative thought leadership: Banks should constantly audit thought leadership scopes for better ideas to mitigate strategic risk.

What Are the Technologies that Strengthen the Risk Function?

Banks need to follow innovative measures in financial analysis and forecasting to meet the demands of customer experience. Risk management in banking is closely associated with regulatory compliance that involves countless resource-intensive, error-prone document verifications. Machine learning (ML) and Artificial Intelligence (AI) automate and largely take care of this change management system. But risk management in banking needs a central regulatory system which is why banks can use Model Risk Management (MRM) structures to bring risk factors down.

Uniform definition of AI/ML: While banking needs are being gauged better with business analytics, these efficient computer systems rely on self-learning to perform tasks replacing human intelligence. Banks should work on established models defining the exact inclusions of these models for confirmed banking practices.

More transparency in the model: Both AI/ML models come with risks that can emerge from materiality, uncertainty etc. By addressing and improving these grey areas, banks can take inherent risk factors better.

Working out new risk appetite guidelines: ML models do not follow the traditional statements for risk appetite. They need different regulations, so peer networks combined with industry intelligence can draft fresh statements dealing with risk appetite.

Introducing accountability platforms: With the increase of risk management independent platforms like compliance, Operational Risk Management (ORM), MRM, Data Management and Controls, banks need to rely on governance structures that can clearly define the roles of each for risk management in banking.

Internal skill enhancement: Skill set boosting internally through external Subject Matter Experts (SME) will help banks meet and edge the approved standards of banking.

Testing products at all stages: Testing products based on the technology models during their design stage, implementation stage, operational stage, and validation process and throughout their life cycle should be an essential part of digital risk management.

Blockchain technologies: Banks can benefit from Blockchain technology for data management that decentralizes ledger technology. Allowing suitable coordination, it establishes better regulations in data sharing. Customer information can be stored in decentralised blocks ensuring safety from third party intrusion.

Wrapping Up

Digital banking comes with a wealth of facilities that are undeniably more attractive to the common consumer. When banks are focusing on customer experience, concentrating on risk management in digital banking is equally important. Banking with a dependable financial institute will help customers participate in safer banking while exploring and investing in wider opportunities.

Would you like to learn more about- Future of Digital Banking in India: Digital Transformation