FUNDAMENTALS OF ELECTRONIC BANKING

10.0 LEARNING OBJE CTIVES

1. Understand the concept of e-banking, the components and the different applications that complement
modern e- banking service delivery.

2. To be conversant with ATM's and services that can be accessed

3. To appreciate the benefits accruing to banks from electronic banking

4. Enable students to appreciate the typical e-banking vulnerabilities/weaknesses

5. Introduce students to various interventions to reduce the incidence an impact of risk and fraud in the e-
banking space

6. To have a working knowledge of Internet Banking

10.1. ELECTRONIC BANKING

Electronic Banking involves services offered by banks to their private and business customers, using
computerized support to record, process and transport data, automatically or without vouchers, and
subsequently to make them available once again after suitable preparation.

E-banking is defined as the automated delivery of new and traditional banking products and services
directly to customers through electronic, interactive communication channels.

E-banking includes the systems that enable financial institution customers, individuals or businesses, to
access accounts, transact business, or obtain information on financial products and services through a
public or private network, including the internet.

Rapid technological advances in e-banking have generally promoted the introduction of certain new
product features in response to consumer demand. E-banking is a segment of information technology and
emerged in the 1980s in response to diversification strategies designed to exploit the immense
opportunities technology offered businesses.

1
The risks and challenges associated with IT are therefore prevalent in the consideration of e-banking. The
peculiar risks of e-banking are accentuated by the internet where customers and fraudsters can operate the
systems from any part of the globe- outside the reach of the financial institution and remain largely
anonymous.

10.2. ADVANTAGES OF E-BANKING

• Cost reduction in banking services due to mass usage-cheaper and convenience

• Less reliance on physical branch networks for service delivery- releases capital that would
otherwise be tied up in brick and mortar.

• Around the clock usage of systems- 24/7

• Worldwide application of some e-banking products and services

• Less use of cheques and paper-based instruments (environmental concerns eased)

10.3. DISADVANTAGESOF E-BANKING

• Enormous risk challenges- This includes breach of systems, PINS and ID instruments (cloning)

• Requirement for effective back-up systems and controls

• Fraudsters evolving new schemes to outwit controls in e-banking facilities

• Anonymity of some applications fostering the commission of crimes around the globe- internet –
based payments

• Increased potential to introduce money laundering vulnerabilities, using the new products (New
Payment Products Services).

• Large amounts of data stored in electronic form naturally disposes such material to vulnerability,
than if stored in manual form.

2
• Information systems in different locations are interconnected through communications which may
easily be compromised.

• The potential for un-authorized access, abuse or fraud is not limited to a s' location but can occur
at any access point in the network.

10.4. MAIN ELECTRONIC BANKING APPLICATIONS

Depending on the size, technological capacity, complexity and focus of a bank or financial institution, the
applications of e- banking, may take many forms. Generally, however, electronic banking applications
can be segmented into what may be described as common e-banking applications below.

Retail services

1. Account Management

2. Bill Payment and presentations

3. New applications and account opening

4. Consumer Wire Transfers (EFTPOS)

5. Investment Brokerage

6. Loan Approvals

7. SMS Transactional Notices

8. Balance enquiries

9. Inter account transfer

Wholesale services

• Account Management

• Cash Management

3
• Business Loans and Approval

• Commercial Wire Transfers

• Business to Business Transfers

• Employee benefits/ Pensions Administration

Other generic applications are explained in detail below:

10.4.1. AUTOMATED TELLER MACHINES (ATM)

The term "Teller", is the American and Scottish word for cashier. Such cards are issued to customers, on
completion of an application form, and a confidential four-digit personal identification number (PIN) is
given. When the customer acknowledges, in writing, receipt of the PIN, the computer is instructed to
permit cash withdrawals. These are activated by the card and authenticated by the PIN being keyed at the
ATM.

The customer is given a card and a Personal Identification Number (PIN) to enable him or her access the
service.

The following services can be accessed:

I. Cash withdrawals;

ii. Fast cash: this is a rapid cash withdrawal facility allowing the customer to select one of several pre-
programmed accounts;

iii. Details of most recent balance of account;

iv. Mini-statement. i.e. a statement showing the most recent transactions to have gone through the
account;

v. Statement ordering facility;

vi. Deposit facility;

vii.Payments to third parties (which will typically be organizations like utility companies).

4
It is important that an ATM's user interface should not only be easy to use and clearly understandable but
should be designed so as to minimize the likelihood of the customer leaving without taking from the
machine all the things he needs to take. These are the cash (if any has been dispensed), the paper receipt
(if one has been requested) and, above all, the card. There is no doubt that the card is the most likely item
to be forgotten by a customer, who sees the purpose of the interactive process being to obtain cash.

ATMs have some kind of sound alarm which only ceases when the customer has removed his card from
the slot. To prevent security problems if customer forgets to retrieve the card the machine swallows it
after a short period: normally about 30 seconds.

The customer will then have to apply to get the card returned. If the ATM is sited in the lobby or through
the wall of a branch where he is known, he can get the card back by asking the branch to extract it.

Direct Deposits

Direct deposits let you authorize specific deposits such as paychecks and social security cheques to your
account.

You may also pre-authorize direct withdrawals so that recurring bills, such as insurance premiums,
mortgages, and utility bills, are paid automatically. Newer versions of ATMs have facilities that permit
customers to deposit cash directly through the machine for the credit of their accounts.

10.4.2. TELEPHONE BANKING

The beauty of telephone banking is that every major banking service can be delivered via the telephone,
apart from cash withdrawal. Broadly, there are three main types of telephone banking service.

The first uses automated voice response technology. This involves the customer using his tone-phone to
send what are in effect digitized data messages to the system in order to activate a particular service.
Alternatively, some automated voice response systems require the customer to say one of a number of
particular words down the telephone, with the system containing software which recognizes the word.

5
The second type of service uses human operators entirely and does not use automated voice response at
all.

Finally, some telephone banking services are PC based: They use a personal computer which interfaces
with the system via data communications process delivered by the telephone.

Banking Services Available via the telephone

The typical range of services offered includes:

1. Balance enquiry

2. Statement ordering

3. Cheque book request facility

4. Funds transfer between different accounts held by the customer at the bank •

5. General account queries and advice.

10.4.3. INTERNET BANKING

The power of the internet has changed the way we do banking. Banks are harnessing the power of the
internet to provide banking services.

Internet Banking is the use of personal computers for making transactions over the internet. Going to the
bank, for most people, is time consuming. Finding parking space, rushing to the bank before closing time,
and then once inside after completing all the necessary paperwork, waiting in queue to be served creates
lots of inconvenience. With internet banking one can access banking services anywhere provided one has
internet access.

By registering for internet banking it is possible to request statements, review the history of account
transactions, transfer funds from one account to another, pay water and electricity bills, or settle school
fees. Prepaid cell phone accounts can be topped up and, more importantly, an overdraft facility can be

6
applied foronline. Some customers avoid internet banking as they perceive it as being too vulnerable to
fraud. The security measures employed by most banks are not foolproof, but in practice the number of
fraud victims due to internet banking is very small.

10.4.4. SMS BANKING

SMS banking or Mobile banking is a way for the customer to perform banking transactions on his or her
cell phone or other mobile device. It is a quite popular method of banking that fits in well with a busy,
technologically oriented lifestyle.

The amount of banking you are able to do on your cell phone varies depending on the banking institution
you use. Some banks offer only the option of text alert, which are messages sent to your cell phone that
alert you to activity on your account such as deposits, withdrawals, and ATM or credit card use. This is
the most basic type of mobile banking.

A more involved type of mobile banking allows, the user to log into his or her account from a cell phone,
and then use the phone to make payments, cheque balances, transfer money between accounts, notify the
bank of a lost or stolen credit card, stop payment on a check, receive a new PIN, or view a monthly
statement, among other transactions. This type of banking is meant to be more convenient for the
consumer than having to physically go into a bank, log on from their home computer, or make a phone
call. While all of this is true, some are concerned about the security of mobile banking.

10.4.5. MOBILE MONEY

Mobile money is a cash management service available on mobile phones and operated by the Mobile
Network Operators (MNO's).

The scheme evolved in response to the inherent data communication capability of mobile phones.
Catching the attention of banks, this prompted them to launch basic inquiry services like account balance
inquiry. Subsequently, the service slowly expanded the range of functions to include funds transfer.

7
The second stage involved experimentation with e-money products with transaction initiation through
mobile phones. Currently, the service can be accessed by both mobile and non-mobile phone users.
Transfers can be received and sent through authorized merchants backed by partner banks. On registration
a wallet (individual or merchant) is created to receive or send transfers.

In emerging markets, this form is growing considerably and contributing to financial inclusion, providing
under-served and unbanked people with access to a broad range of formal financial services. The residual
challenge lies with the mode of regulating this practice and which state agency should be charged with
this responsibility of regulation. While some commentators see this as part of the telecommunication
revolution and must therefore come under the supervision of the National Communication Authority,
others opine that since it is essentially a money transfer scheme, the Bank of Ghana must control these
activities and must direct the telecommunication operators to have formal collaboration with licensed
banking institutions to ensure effective regulation.

The nature and operation of mobile payment services varies greatly between business models and
commonly involves new technologies and links with other types of New Payment Products and Services
(NPPS) This therefore present peculiar challenge for the development of Anti-Money Laundering
/Terrorist Financing regulation.

10.5. DIFFERENT MODELS OF MOBILE BANKING SCHEMES.

Basically, there are two models of the mobile banking or payment schemes. These are the bank-centric
payment model and the Mobile Network Operator (MNO) model

• In a bank-centric mobile payment model

• The customers are account holders of the bank which offers the mobile payment service and are
therefore taken through the usual Know Your Customer routines.

• The role of the MNO here is limited to providing the telecom network facility which enables the
payment messages. It does not manage or hold the customer's funds at any stage- therefore not needing a
financial services license.

8
• Under the MNO-centric payment model

• MNOs offer mobile payment services as a means to add value to their core communications
service.

• The Customer funds are held in a prepaid account by the MNO or a subsidiary of the network
operator.

10.6. BENEFITS OF MOBILE BANKING

•Available 24/7

•Send money anywhere within Ghana, provided network coverage is available.

•Savings on courier

Cost Secure Processes

10.7. SMART CARDS

These are bank cards which instead of (or in addition to) containing a magnetic stripe on which some
information can be stored, also contain a silicon microchip, an alternative term is the chip card, although
the former term is more appropriate as it emphasizes the function rather than the technology and it is
therefore the preferred term.

The enormous potential of the smart card is seen in the chip it contains, which allows far more extensive
personal customer-related information to be contained than can be held on a magnetic stripe. The chip
also has the great advantage from the security standpoint that the information it contains cannot be
copied, whereas information on the magnetic stripe can.

10.8. DEBIT CARD

A debit card is a plastic card that is used to make cash withdrawals from a bank account, or to pay for
goods and services. Your Debit Card may be linked to one or more bank accounts; into which you must
deposit funds before you can use your card.

9
A 'prepaid' Debit Card is not linked to a bank account, but is 'loaded' with funds by over-the-counter
payment or electronic transfer before use, and can be 'recharged' when necessary.

Importantly, when you use a Debit Card, you are spending your own money—not borrowed money
(unless the card is linked to an account with overdraft approval).

To pay for goods in stores, you 'swipe' your debit card through a terminal: To withdraw cash from your
account, you insert it into an ATM. You can quote the card number (generally with a password or
Personal Identification Number) to make purchases over the Internet or telephone.

Many merchants offer ‘cash out' or’ cash back' facilities, so that when you swipe your card to pay for
your purchases, you can approve a payment for more than the cost of the goods and the merchant will
hand you cash change. Many users regularly request cash when making purchases, because doing so can
cut out fees that may be charged for EFTPOS (Electronic Funds Transfer at point of Sale) withdrawals

Prepaid cards were introduced in the 1990s as an alternative to credit cards (which require the card issuer
to evaluate the card holder's minimum level of credit worthiness).

Pre-paid cards began as a device used for commercial settlements which did not require any prior
evaluation of the holder's financial standing. There are also no costs for opening and managing a payment
account.

Many prepaid cards may now be used to draw cash from ATMs, including internationally. Some provide
the possibility of P2P (Person to Person) transfers. Ghana's E-zwich card is a typical example, except that
it cannot be used internationally

Several variations of pre-paid cards exist in terms of their functionalities. These have often evolved from
a replacement for store gift

Voucher/certificates and closed loop applications.

• Closed loop Pre-paid cards

10
—These are cards offered mainly by merchants like Supermarket chains and other retail outlets.

—Holders load funds on the cards to be used to make purchases from the provider's shops or outlets,
usually against discounts.

—They do not provide access to global ATM network and are not able to have cash refunds through
merchants- (no cash back facility)

—Other variants allow transactions with any other outlet of the company,
example the Melcom card in collaboration with UBA Bank Limited.

• Open loop Pre-paid cards

—Allow transactions with any merchant or service provider participating in payment network.

—May be funded using cash or other electronic instruments

10.9. CREDIT CARDS

Credit cards, as their name implies, allow card holders to 'buy now and pay and so take credit from the
card company. The credit limit is revolving; which means that when a cardholder pays off some of his
debt, he can take more credit up to the amount he has repaid. For example, if a card holder has a credit
GHC600 and owes GHC300 he has scope for further credit of GHC300 before he reaches his limit. If he
now pays off GHC150 of the debt, his scope for credit will go up to GHC 450 because he will now owe
only GHC150. Traders who sell goods or services to customers with a bank's credit card are reimbursed
by the card company, which takes a commission. It is therefore the banking organizations that give the
credit, and not the traders.

To obtain a credit card, the Card holder is assessed for credit worthiness using the bank's internal criteria
which may include a Credit Reference Bureau check or a credit scoring scheme.

Banks usually have internal processes for monitoring credit card limits and the expiry using appropriate
software.

10.10. GHANA'S E-ZWICH CARD

11
E-zwich was introduced by the Bank of Ghana in April, 2008 in collaboration with the banks. It is the
brand name for the national switch, a common platform that links the payment systems of all banks
including rural and community banks and savings and loans companies in Ghana.

As an electronic platform e-zwich enables the uploading and spending of cash electronically and allows
for settlement of payments on the same platform.

It is a biometric (fingerprint) smart card designed to function in locations without electricity and
telephone equipment and eliminates the need to have basic literacy and numeracy to operate a bank
account. One does not even need bank account to use the card.

The card can be used in all bank ATMS. It can also be used to make purchases from designated
merchants.

10.10.1. Features of the E-zwich card.

•Electronic smartcard

•Biometric Technology

•POS terminal operates both online and offline

10.10.2. Benefits of E-zwich cards

1. Money loaded on the smart card is secure and can only be accessed using your fingerprints.

2. Payments are immediate and value transferred instantaneously.

3. Provides a modern payment option which is safe and convenient.

4. When you lose your card you don't lose your money.

5. Can be used to make payments at the open market, shops, hospitals, fuel stations, schools, in taxis,
trotro, buses, etc., anywhere in the country.

6. Your card can also be used at any ATM, POS or bank teller station.

12
7. Money loaded onto your card is accessed immediately.

8. It is safe, convenient and secure.

9. You don't need a bank account in order to have one.

The catch phrase is 'Easy banking for everyone'.

10.10.3. Advantages of e-zwich cards.

•Protection against fraud

•Reduces the cost of electronic transactions as banks are able to pass on the advantages of economies of
scale derived from the cooperative effort.

10.10.4. DIRECT DEBITS

'This is an instruction from a creditor to its bank authorizing it to collect an agreed amount (s) from the
bank account of the creditor's customer so long as the customer has signed a direct order mandate and has
been given advance notice of the collection amount and date.

In Direct Debit transactions, the customer (Payer/Debtor) enters into an agreement with the creditor
(service provider), for instance a mortgage, electricity, water or insurance company, under which he/she
signs a mandate authorizing his/her bank to accept future payment requests from the service provider and
debit his/her account and transfer the funds to the service provider's bank.

10.10.5. Usefulness of the Direct Debit Service

The key attractiveness of the direct debit scheme is that it is designed to meet the current and future
payment needs of customers with a simple, secure, reliable, transparent and cost effective payment
instrument.

13
The service expands the payment alternatives and provides customers with greater choice.

Other advantages are that:

 It establishes a scheme which is sound and accessible all over the country.

 It brings the National Payment Systems (GHIPPS) in line with international electronic payment
standards and trends.

 It moves the economy away from over- reliance on Cash for payments to the more convenient
alternative of electronic payment schemes.

10.10.6. Who Can Sign onto this Service?

The Direct Debit service is particularly beneficial for:

 Insurance Premiums Payments

 Utility Bills/ Subscription fees

 Mortgage Payments

 Micro Finance or Savings & Loan Co. i.e. Loan Repayments

 Rent payments

 Membership Dues /Contributions/Donations

10.10.7. ADVANTAGES OF DIRECT DEBIT SCHEME

(A) TO THE ORIGINATOR'S (SERVICE PROVIDER'S) CLIENTS

1. It spreads the costs –of bills across the year, thus allowing easier budgeting for the payer.

2. Payer obtains peace of mind –of knowing bills are being paid automatically and payment dates will not
be missed to ensure continuity of enjoying service

3.1t’s often cheaper as it eliminates the expense of mailing multiple cheques at periodic intervals.

14
4. It is more convenient –choice of payment date gives convenience of choosing date that suits the payer.

5. It is guaranteed -the reassurance of knowing that every direct debit is protected by safeguards

6. What is left is available to spend –paying bills by direct debit means it is easy to know what disposable
income is left after all commitments have been met

(B) TO THE CORPORATE CLIENT- THE CREDITOR.

1. Provides assurance of payment

2. Excellent cash flow benefits from receiving regular payments

3. Low cost of administration compared with requesting consumer-initiated payments

4. Precise control over payment timing

5. Reduced time is spent chasing unpaid or delinquent accounts

6. Greater accounting efficiency-identify unpaid items quickly

7. Direct Debit is simple -It eliminates many of the labor-intensive or manual processes involved in
handling cheque payments, improving the accuracy and efficiency of the corporate operations.

10.11. TYPICAL & BANKING VULNERABILITIES AND ASSOCIATED FRAUD

It must be recognized that e-banking is a segment of Information technology and indeed have arisen from
the immense opportunities inherent in the IT space.

Consequently, the weaknesses or vulnerabilities associated with IT are prevalent in e-banking as well.

10.12. INTERNET VULNERABILITIES

Large public networks are more vulnerable than internal networks due to wide accessibility of the system
to users, including fraudsters.

15
Internet-based e-banking also suffer enormous and widespread impact due to the size and speed
capabilities of the network, when a hacker or other criminal is able to penetrate the system.

When corporate networks are linked to the internet, information systems are more vulnerable to attacks
from outsiders. Computers constantly connected to the internet by cable or Digital Subscriber Lines
(DSL) modems are more open to penetration by outsiders than older dial-up lines.

10.13. KEY LOGGERS

These are simple electronic devices (most of them look like pen-drives) that may be affixed clandestinely
to record keystrokes on a keyboard in order to gain user names, passwords, and other data.

Customers can be more at risk from key logging software in internet cafes. Bank customers used to send
instructions to their banks from internet cafe are more vulnerable as their vital account details could easily
be captured in these places.

Customers may also be tricked into downloading the software at home, e.g., luring unsuspecting users
into believing that Microsoft expects them to update patches or use new spurious anti- virus installation
software.

10.14. ATM AND SHOULDER SURFING

A person who is standing near as you fill out a form, enter your PIN number especially at the ATM/ Point
of Sale Terminal, or punch in your calling card numbers may be doing more than just waiting their turn.
(just like shouting mobile phone re-charge units’ reference to a recipient to the hearing of other people
around you.)

To help prevent shoulder surfing, shield your paperwork from view using your body and cup your hand
over the ATM keypad.

Shoulder surfing can also be done at a distance using binoculars or other vision-enhancing devices.
Inexpensive, miniature closed-circuit television cameras (CCTV) can be concealed in ceilings, walls or
fixtures to observe data entry.

16
10.15. COUNTERFEIT CARD FRAUD (CLONING/SKIMMING)

This takes place through skimming Data on magnetic strip of a customer's card. This is copied using hand
held skimming devices which transfers data unto duplicate cards.

Fraudsters exploit customer vulnerabilities, traditionally in retail outlets-supermarkets, fuel stations,

airline ticketing outfits, where Operators might smuggle cards briefly out of sight of unsuspecting
customers and run these through hidden devices to capture client details

Businesses that accept bank cards have an important role to play in stemming card fraud. Up to 80% of
fraud can be stopped at the merchant level through education.

To forestall card skimming many banks and financial institutions are gradually migrating to Chip and
PIN-based systems which make it more difficult to copy client account details.

10.16. PHISHING- ON LINE FRAUD

How the scam works

Fraudsters send you unsolicited emails, -specifically to steal access credentials, - user names and
password

Emails are purportedly from your bank

Emails request you to click onto a link in the email to update your persona details

Once clicked, the link will divert you to a fraudulent or spoof website. The information is sent to the
fraudsters who defraud you.

10.16.1. PHISHING- DO'S AND DON'T'S

To avoid being a victim of a phishing scam, DO the following;

•Type the website address into your Internet browser rather than clicking in on a hyperlink in the email

•Only use secure Internet banking sites

17
•Beware of unusually long website addresses

•Contact your bank immediately if you have compromised confidential information

•Remember that a bank will never request you to confirm confidential information via email or the
Internet.

As further safeguards, DO NOT

•Click on a URL (Uniform Resource Locator or web address) contained in the body of the email sent to
you by the potential fraudster

•Reply to any of the emails that you cannot attest to their source.

'10.17. PHARMING

Pharming is an e-banking scam where the fraudster's attack designed to redirect a website's traffic to
another bogus site. It may be conducted by either changing the hosts file on a victim's computer or by
exploiting vulnerabilities inherent in Domain Name Server (DNS) software.

DNS servers are computers responsible for resolving internet names into their real Internet Protocol (IP)
addresses. When a DNS server is compromised, it is said to be poisoned.

Pharming is most prevalent with home or personal computers which are not protected with a firewall. The
fraudsters target usually businesses hosting e-commerce and on-line banking websites. Countering
pharming requires sophisticated anti-pharming measures not normal anti-virus or spyware removal
software.

10.18. COMPONENTS (CONFIGURATION) OF AN E-BANKING PLATFORM

The components of an e-banking platform or configuration refer to the facilities that must be present for
the e-banking system to operate optimally. These are the requirements that ensure that all the various
applications or services offered by the bank can work.

E-banking systems rely on a number of common components or processes. Potential components and
processes seen in a typical banking or financial institution are:

18
– Website design and hosting,

– Firewall configuration and management,

– Intrusion detection system or IDS (network and host-based),

– Network administration, Security management, Internet banking server,

– E-commerce applications (e.g., bill payment, lending, brokerage),

– Internal network servers, Core processing system,

Programming support, and

- Automated decision support systems.

- These components work together to deliver e-banking services. Each component represents a
control point or operational risk dimension worth considering

10.19. EXTERNAL E-BANKING SERVICE PROVIDERS.

For cost and other strategic considerations, banks may opt to have all the e-banking facilities themselves
or rely on other external parties for some essential facilities.

The following entities could provide or host (i.e., allow applications to reside their servers) e-banking-
related services for financial institutions:

• Another financial institution,

• Internet service provider,

• Internet banking software vendor or processor,

• Core banking vendor or processor,

• Managed security service provider,

• Bill payment provider,

• Credit bureau, and

19
• Credit scoring company.

Banks and other financial institutions normally choose their e-banking system configuration, including
outsourcing relationships, based on four key factors: Strategic objectives for e-banking; scope, scale, and
complexity of equipment, systems, and activities; Technology expertise; and security and internal control
requirements.

10.20. SUMMARY

•After reading this unit, you should be able to:

*Understand Electronic banking and its key applications.

*Appreciate the typical weaknesses associated with e-banking

*Understand the requirements for an e-banking system to operate efficiently

•Appreciate the considerations for choosing an optimal set of facilities.

CHAPTER ONE

INTRODUCTION TO BANK RISK MANAGEMENT

CHAPTER OBJECTIVES

This introductory chapter explains;

 The basic concepts of risk to enhance the ability to blend theory and practice of managing risk
 What constitutes risk management
 What factors have created the impetus for risk management in banking?
 the ISO 31000 principles of risk management

20
1.0. UNDERSTANDING THE CONCEPT OF RISK IN BANKS

Risk in a banking organization is the possibility that the outcome of an action (strategy) or event could
bring up adverse impacts contrary to expectations or define objectives. The unintended outcomes could
either result in a direct loss of earnings which may negatively impact capital, or may result in imposition
of constraints the bank’s ability to meet its business objectives.

The spectrum of constraints poses a risk to managers, shareholders and stakeholders in that they could
hinder a bank’s ability to conduct its own business. This may preclude the bank from taking the benefit of
opportunity enhance its core business.

Risk is an integral part of life and cannot be ignored, especially in business underlying the concept of risk
is uncertainty- the probability that expected outcomes- usually expressed in monetary terms, will not
materialize. It may happen that either what has been budgeted for may not be achieved because what
expected to happen failed to happen or some other unexpected events happened to put a well thought out
plan asunder,

Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Risks are
usually defined by the adverse impact on profitability of several distinct sources of uncertainty.
Uncertainty will always be a key factor in building management. The challenge for management is to
lessen its impact on the business objectives by understanding and preparing for threats that are beyond the
influence management.

The types and degree of risks a bank may be exposed to depend upon a number of factors such as;

 Its size and the effects of globalization,

 The complexity of business activities,
 The degree of reliance on information technology systems and
 inherent vulnerabilities,
 The volume of its business,
 The geographical spread and strength of the economy in the respective catchment areas,
particularly relevant in a multi –national company of a bank with a broad national network
increases with offering resources endowments.
 Internal corporate governance effectiveness and the external regulate regime.
 The external social and environmental factors.

21
Risks facing banks are therefore multi-dimensional and inter-related. The effect of risks is generally felt
in the Profit and Loss account or negatively impacts board objectives. This ultimately translates in a
reduction of capital.

In the course of its intermediation functions, banks generally face such key risks as credit, Market,
Liquidity, Operational, Compliance, Legal, Regulatory and Reputational. These are explained briefly
below and will be further examined in subsequent chapters.

1.1 RISK TYPES- INTRODUCTORY

(A) CREDIT RISK

Credit risk refers to the possibility of default in the repayment of a loan or a delayed it of interest and
principal on loans and advances. In many banks, credit tends be largest asset portfolio in the balance
sheet, hence the time and effort expended in its management.

Credit risk comprises counterparty risk, settlement risk and country risk. Counterparty risk is the risk of
loss to the bank as a result of the failure by a counterparty (its customer) to meet its financial and/or
contractual obligations to the bank.

Concentration risk refers to any single exposure or group of exposures large enough to cause credit losses
which threaten the bank’s capital adequacy or ability to maintain its core operations. It is the risk that a
common factor within a risk type or across risk types fails or an event is triggered which causes credit
losses.

(B) MARKET RISK

Market risk refers to the risk of a decrease in the actual or effective market value of a portfolio of
financial instruments. This may be caused by adverse moves in market variables such as equity, bond and
commodity prices, currency exchange rates and interest rates, credit spreads, recovery rates, correlations
and implied volatilities in all of the above.

Market risk covers both the impact of these risk factors on the market value of traded instruments as well
as the impact on the bank’s net interest margin as a consequence of interest rate risk on banking assets
and liabilities. Market risk manifests in Asset Liability compositions, the term structure of assets and
liabilities as well as composition of assets and liabilities (exposures) in local or foreign currencies.

22
Market risk management principles include;

 Regular stress tests and Liquidity Contingency Plans

 Identification of risks in the trading and banking books
 Risk appetite specification in the form of limits and triggers
 breach management
 price validation and profit recognition policy
 business unit’s sign off of positions and P & Ls at regular intervals
 Computation of regularity capital
 Reporting of market risk

(C) EQUITY RISK

Equity risk or investment risk refers to the risk of loss arising from exposures to equity and similar
instruments, including public and private equity, including (but not necessarily limited to) strategic
investments as well as exposures in consequence of under writing commitments.

(D). LIOUIDITY RISK

Liquidity risk arises when a bank is unable to meet its payment obligations fall due. This may be caused
by the bank’s inability to liquidate assets all funding to meet its liquidity needs.

Having a variety of illiquid assets is not enough comfort that the bank obligations as and when they fall
due. The critical test is how quickly these could be realized without significant loss in value, to meet
obligations due immediately has been the bane of many SMEs and micro-finance institutions in Ghana.

(E) OPERATIONAL RISK

Operational Risk is defined as the risk of loss resulting from inadequate internal processes, people and
systems or from external events, including legal risk but excluding reputational and strategic risk.

The definition of operational risk includes:

— Taxation Risk - the risk that the group will incur a financial loss due to incorrect interpretation and
application of taxation legislation or due to the impact of new taxation legislation on existing business.

— Compliance Risk — the risk that the bank does not comply with applicable laws and regulations or
supervisory requirements.

23
(F) BUSINESS/STRATEGIC RISK

Business Risk is the risk of loss, usually from inflexible cost structure or inefficiencies, due to adverse
operating conditions. This may be caused by market- driven pressures such as decreased demand,
increased competition, or and by bank specific causes such as a poor choice of strategy, reputation.

1.2. RISK MANAGEMENT

Arising from the definition above, risk management can be considered to mean the discipline that
involves the process of identifying, assessing and controlling risk inherent in business operations. It
involves a coordinated effort by all staff especially management, to control and minimize the likelihood
and impact of unexpected events.

Risk taking is central to all businesses. Investors and business executives therefore avoid risk completely
and expect rewards. Indeed, the common assumption is that the higher the risks associated with a business
or a strategy the higher the rewards.

“A ship is safe in harbor but that is not what ships are for”- William G.T. Shedd

The above quotation amply illustrates the point that without risk taking, that is, taking the ship from its
safe anchor into the tumultuous oceans, there would be no reward. In essence, a ship owner can only
make money if the ship sets sail to desired destinations and exposed to all the vagaries of the sea.

The primary risk management objective is to provide assurance that uncertainty does not deflect the board
and management’s efforts from achieving set goals.

Situations that give rise to risk are varied. The following are but a few of such sources

• Business cycles or seasonality

• Changes in political, economic- (including monetary and fiscal changes),

• Unreliable or inadequate information for decision making.

• Competitive pressures.

How much risk a bank is willing to take is a function of its risk appetite which must be approved by the
board, and usually communicated through a risk appetite statement.

Risk appetite is determined by factors such as the quantum and mix of capital, volatility of earnings, the
availability of skilled personnel and the assessment of other environmental factors like the present or

24
future state of the economy, political and legal framework, and the social and technological dynamics
prevailing at a time or likely to exist in a pre-determined time horizon.

Risk appetite may vary from one bank to the other, depending on the unique circumstances of each bank,
and the factors stated above. Even for the same bank, risk appetite may not be static as it must reflect
strategy, which includes the bank’s objectives, key aspects of the business, economic cyclicality and
stakeholder expectations overtime. The board and management attitude towards growth, risk and return
greatly influence the bank’s risk appetite.

1.2.1 THE INCREASING IMPORTANCE OF RISK MANAGEMENT

Risk management has captured the attention of bank management, regulators and stakeholders in recent
times due to a variety of factors, some of which are highlighted below:

 The high profile events that have blighted the fortunes of otherwise strong banks and financial
institutions e.g. the fall of Barring Bank and the contagion effects of the American Financial
Crisis of 2006-2009. In Ghanaian context, the fall of unibank, royal bank, beige bank and others
and the repercussion on the financial industry.
 Examples of financial organizations that have been subject to significant losses through
operational risk have been witnessed overtime. The economic turmoil of recent years and
examples of operational risk management in some financial entities across the global economy,
have also led to increased scrutiny and considerable attention.
 Across the banking industry, the role of operational risk management gained prominence,
principally because of the recognition that operational risk vulnerabilities are not isolated to one
area of the bank in view of the integrated nature of banking business and the fact that risk events
can happen at any time.
 Advances in technology, particularly in automation, have the potential to transform risks from
manual processing errors to system failure. Indeed, technological support is both a solution and a
cause of risk.
 The increasing use of internet banking provides opportunities to fraud in cyberspace with the
criminal remaining largely anonymous.
 Financial de-regulation across many jurisdictions has expanded the frontiers of financial services
by the opening up of new areas previously closed to certain financial organization. The task of
addressing risk in banks and other financial institutions begins with a thorough understanding of
what constitutes risk, what are the major causes of risk and what are the effects of risk events on
the profitability and survival of these institutions.

25
1.3.3. SYSTEMIC AND NON-SYSTEMIC (SPECIFIC) RISKS.

Systemic risk connotes risk that affects the entire banking industry, and whose impact or effect is felt
differently by players in the industry depending on their respective business sizes or areas of
specialization.

Systemic risk manifests in breakdowns in an entire financial system, as opposed to breakdowns in

individual parts or components. In banking, it results in a high probability or correlation and clustering of
bank failures in a single number of countries or the global financial system as happened during the
American financial crisis of 2006-2009.

According to Bartholomew and Whalen l995,p 4), systemic risk “refers an event having effects on the
entire banking, financial, or economic system, — than just one or a few institutions”.

Frederic Mishkin also defines systemic risk as “the likelihood of a sudden1, usually unexpected, event
that disrupts information in financial markets, making them unable to effectively channel funds to those
parties with the most productive investment opportunities” (1995, 32).

The Bank for International Settlements (BIS) defines systemic risk as the risk that the failure of a
participant to meet its contractual obligations may in turn cause other participants to default with a chain
reaction leading to broader financial difficulties” (BIS 1994, 177).

Non-systemic or Specific risk applies to the type of risk which is peculiar to one bank or financial
institution. It could arise from a failure of a particular strategy employed by the bank, e.g. branch
expansion that flopped.

It may also happen that a specific risk tends to create systemic risk. This may occur where the collapse of
one bank creates a perception that other banks may similarly follow suit. The clients of other banks and
the general public tend to develop cold feet in their interactions with banks generally. The collapse of
non-bank financial institutions, especially the micro-finance institutions, in Ghana creates this kind of
scenario.

1.3.4 OTHER BROAD RISK TYPES

Other subsets of risk within banking and financial markets are exchange risk, settlement risk, liquidity
concentration risk, reputational risk, basis risk and legal risk.

26
1.4 THE I.S.O 31000: 2009 PRINCIPLES OF RISK MANAGEMENT

The International Organization for Standardization (ISO) recommends a set of principles that should
guide management in the process of managing risk.

The process of risk management begins with examining the totality of the firm’s mission and vision and a
thorough consideration of the environment.

An overview of the process for risk management as per ISO 31000 is depicted below:

Communicate and consult

Who are the stakeholders and what are their objectives?

Establish the Identify the Analyses the Evaluate the Treat the risk
context risks risk risk

What do we What might What will this In what order

happen? How, How should
need to take means for our should we
when and we best deal
into account objectives? deal with
why? with them?
and what are them?
our
objectives?

Monitor and review

27
 Have the risks and controls changed?

Flowing from the structure above, it is expected that the practice of risk management should;

• be supported by a structure that is appropriate to the organization and its external environment or
context.

• be proportionate to the level of risk in the organization (as related to the size, nature and complexity of
the organization),

• be aligned with other corporate activities,

• be comprehensive in its scope,

• be embedded into routine activities

• be dynamic by being responsive to changing circumstances.

1.5. A RISK MANAGEMENT FRAMEWORK.

A risk management framework denotes a set of components or architecture that support and sustain risk
management throughout an organization. Broadly, there are two types of components the foundations and
organizational arrangements.

The foundations arrangement is constituted by the bank’s risk management policy, objectives, mandate
and commitment. The organizational arrangements include the plans, relationships, accountabilities,
resources, processes, and activities that are employed to manage the organization’s risk milieu.

28
 THE BANK’S RISK MANAGEMENT FRAMEWORK

policies, processes,
Corporate governance Information Review mechanism
procedures, guidelines management
system
and best practices.

Risk identification

Risk acceptance

Risk measurements

Board &
Management Effective Ongoing
Risk monitoring
committees information review of,
flow
 System
Risk reporting
 Policies
 Procedures

Risk control

The above figure summarizes the elements of a risk framework, encompassing the dimensions and
processes for a holistic risk management system. It depicts the role of the Board in setting the broad
policy objectives, including guidelines on risk appetite and target markets. The requirement effective
information flow and the need for implementation, reporting and regular review of the organization entire
processes to meet changing needs is a sine qua non for effective risk management.

These give effect to various departmental or business unit manual of operations which guide employees
on how the organization conducts its business- what is acceptable or otherwise and broadly constitute the
elements of the firm’s culture.

29
DISCUSSION POINTS

1. You have been selected to give a talk to a group of management trainees in your bank. Explain to
them your understanding of risk and why it is an essential component of managing banking
business.
2. Examine the factors that have influenced the scope and depth of risk management in recent times,
using examples from your own bank.
3. A bad bank anywhere threatens good banks everywhere”. Examine this statement in the context
of a globalized financial market and why regulation seeks to minimize systemic risk in the
banking community.

30