Administrative controls

Action Summary

E-banking presents new administrative control requirements and potentially increases the importance of existing controls. Management must evaluate its administrative controls to maximize the availability and integrity of e-banking systems. E-banking information can support identity theft, either for fraud at the subject institution or for creating fraudulent accounts at other institutions. Institutions should consider the adequacy of the following controls:

  • Segregation of e-banking duties to minimize the opportunity for employee fraud;
  • Dual-control procedures, especially for sensitive functions like encryption key retrieval or large on-line transfers;
  • Reconcilement of e-banking transactions;
  • Suspicious activity reviews and fraud detection with targeted review of unusually large transaction amounts or volumes;
  • Periodic monitoring to detect websites with similar names, possibly established for fraudulent purposes;
  • Error checks and customer guidance to prevent unintentional errors;
  • Alternate channel confirmations to ensure account activity or maintenance changes are properly authorized; and
  • Business disruption avoidance strategies and recovery plans.

 

E-banking activities are subject to the same risks as other banking processes. However, the processes used to monitor and control these risks may vary because of e-banking's heavy reliance on automated systems and the customer's direct access to the institution's computer network. Some of the controls that help assure the integrity and availability of e-banking systems are discussed below.

 
