Digital Banking is a rapidly evolving service that, for some financial institutions, has become the primary method that clients use to access banking services. The risks for specific Digital Banking services must be identified and understood to effectively mitigate negative consequences.
The goal of a Digital Banking risk assessment is to measure and report on an institution’s risk profile, covering existing as well as new services. This Digital Banking profile includes an analysis of the financial institution’s intended customer base, services to be deployed, and the institution’s resources using enterprise-wide risk assessment factors as detailed in the FFIEC IT Handbook. The assessment considers the effectiveness of formal policies and procedures as well as the financial institution’s underlying internal control environment, including information security, business continuity, disaster recovery, and management of payment services. Retail internet banking, bill payment, and commercial banking are all reviewed.
Mobile Banking carries unique risks based upon delivery channels, means of authentication, malware and virus controls, and data transmission security. Compliance risks are also heightened with mobile banking.
Remote Deposit Capture and Mobile Capture are popular delivery systems. The Risk Assessment process will include assessing the nature of risks associated with RDC activity and understanding controls for customers.
Risk monitoring activities and vendor management processes are also central to the risk assessment.
Additional channels clients use for banking include P2P/B2B Banking applications (such as Zelle) and Digital Wallets (such as Apple Pay). These methods also present unique risks that must be identified.
For all Digital Banking solutions, the assessment process includes a review of the following:
- Implementation Processes
- Policies and Procedures
- Administrative Tasks
- Accounting and Processing Procedures
- Physical Access
- Vendor Due Diligence
- Contingency Plans
- Legal and Regulatory Components
All financial institutions want to ensure the safety and security of their documents and data. The question often arises, “But where do we start?” The answer lies in using an assessment tool to understand vulnerabilities, the risks involved with those vulnerabilities, and the controls that mitigate risk.