Like any other industries, banking industry of Nepal has been taking rapid strides in the advancement of technology. Some of the reasons for forcing banks for the aggressive infusion of information technology in their functioning are: improving customer service, increasing volume of business, reducing costs and justify their existence in the market. Information technology could be considered the major factor enabling banks for enhancing the customer convenience. Banks have been using information technology to develop new products and customise the existing products to suit the requirement of their customers. Besides these, banks have also been using information technology in strengthening their management information systems, improving the efficiency and productivity of their employees.
Technology in Risk Management
Banks can use technology not only in offering offer offsite, value added and round the clock services to their customers but also for the management of various risks such as credit risk, liquidity risk, foreign exchange risk operations risk and the legal risk.
Technology can be used to mitigate credit risk, i.e., the risk that a borrower will default in his/her obligation to repay interest and principal component of the loan. Credit risks could be mitigated by proper industry analysis, efficient processing of loans, comprehensive credit appraisal, efficient monitoring and follow-up of borrowers’ accounts, etc. by the use of information technology system.
Liquidity risk of a bank, i.e., chance of its potential inability to generate sufficient liquid assets (cash) for the repayment of liabilities, can be mitigated by the use of technology for centralized management of funds operations through proper networking of branches, payment system reforms, and implementation of other technology-oriented schemes. Other technology-oriented schemes include cash-pooling, electronic clearing services, and electronics fund transfer system.
Technology also helps to mitigate foreign exchange risk, operations risk and legal risk. Application of technology to mitigate foreign exchange risk by reducing mismatching of positions on various foreign currencies, analysis of foreign exchange market, etc. Operational risk refers to the risk of loss resulting to the bank from inadequate or failed internal processes, people and systems or from external events. Technology can help in mitigating this risk by improving internal processes and operating system. Legal risk can be mitigated by maintenance of adequate records and compliance of various laws with the use of technology.
Technology and the Risk
While information technology revolution has helped the banks to it mitigates the risk, it also exposes these institutions to some new risks in their operations. The risk arising from the use of information technology include risk of error and fraud, risk of interruption of service, risk of accessing information by unauthorized persons, etc. Unlike financial risk, technology risk cannot be easily quantified or measured.
E-banking is also facing the risk of fraud from the hackers by web and mail spooling, attacking the bank’s server etc. to break the security walls and commit fraud. These risks can be minimized by maintaining proper security walls, encrypting data, etc.
Nowadays, banks’ customers can withdraw money at any time from the Automated Teller Machines (ATMs). ATM related frauds are common in developed countries and in Nepal in the recent past.
Management of Technology Risk
The objective of managing information technology risk is to enable the bank to achieve its business objective by securing the information technology systems and assisting the management to make well-informed risk management decisions in the areas where technology is involved. Information technology risk management process should not be treated as only a technical function carried out by the employees of system department; it should be treated as a management function.
Risk of error in maintaining data or information through the use of technology can be mitigated by ensuring entry, verification, and authorization of transactions by authorized persons only by developing access level controls. Entry of data from single or limited point also reduces the chances of error in the system. Moreover, conversion of data should be carefully monitored. Risk of fraud can be mitigated by developing proper internal control measures in the system. These include control over the unauthorized access to the system department, use of single and/or joint password, proper segregation of duties and job rotation, etc. of the system employee.
Risk of interruption of service of the bank can be mitigated by developing proper disaster recovery plan, succession plan for key employees of the system department, and proper system security control. Risk of accessing information by unauthorized persons can be mitigated by encryption of sensitive data, control over the application of system, implementation of digital certificates and digital signatures (as cyber law is in force in the country), and controlled access to information.
Information technology has changed the face of banking industry. No other sector has been benefited by advances in technology as much as banking and finance. The industry has not only kept pace with technological developments but has also forced the computer industry to continuously keep pace and innovate products to suit its needs. Banks are using information technology to gain competitive advantage. While advantages arising out of the implementation of information technology system outweigh the various risks associated with it, these risks should be managed properly to benefit the customers and the bank.