Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Internet Banking
Table of Contents
Chapter*1* Introduction 0
Chapter*2* Internet Banking a new medium 7
Chapter--3 - International experience 19
Chapter -4 -The Indian Scenario 33
Chapter- 5- Types of risks associated with Internet banking 41
Chapter- 6- Technology And Security Standards For Internet - Banking 49
Chapter -7 - Legal Issues involved in Internet Banking 74
Chapter- 8- Regulatory and supervisory concerns 84
Chapter*9 - Recommendations 98
Annexure 1 111
Annexure 2 112
Annexure 3 113
Annexure 4 115
Chapter*1* Introduction
1.1 Background
1.1.1 Banks have traditionally been in the forefront of harnessing technology to improve
their products, services and efficiency. They have, over a long time, been using electronic
and telecommunication networks for delivering a wide range of value added products and
services. The delivery channels include direct dial * up connections, private networks,
public networks etc and the devices include telephone, Personal Computers including the
Automated Teller Machines, etc. With the popularity of PCs, easy access to Internet and
World Wide Web (WWW), Internet is increasingly used by banks as a channel for
receiving instructions and delivering their products and services to their customers. This
form of banking is generally referred to as Internet Banking, although the range of
products and services offered by different banks vary widely both in their content and
sophistication.
1.1.2 Broadly, the levels of banking services offered through INTERNET can be
categorized in to three types: (i) The Basic Level Service is the banks websites which
disseminate information on different products and services offered to customers and
members of public in general. It may receive and reply to customers queries through
e-mail, (ii) In the next level are Simple Transactional Websites which allow customers to
submit their instructions, applications for different services, queries on their account
balances, etc, but do not permit any fund-based transactions on their accounts, (iii) The
third level of Internet banking services are offered by Fully Transactional Websites which
allow the customers to operate on their accounts for transfer of funds, payment of different
bills, subscribing to other products of the bank and to transact purchase and sale of
securities, etc. The above forms of Internet banking services are offered by traditional
banks, as an additional method of serving the customer or by new banks, who deliver
banking services primarily through Internet or other electronic delivery channels as the
value added services. Some of these banks are known as virtual banks or Internet-only
banks and may not have any physical presence in a country despite offering different
banking services.
1.1.3 From the perspective of banking products and services being offered through
delivered through an electronic communication backbone, viz, Internet. But, in the process
it has thrown open issues which have ramifications beyond what a new delivery Internet,
Internet banking is nothing more than traditional banking services channel would normally
envisage and, hence, has compelled regulators world over to take note of this emerging
channel. Some of the distinctive features of i-banking are:
1. It removes the traditional geographical barriers as it could reach out to customers of
different countries / legal jurisdiction. This has raised the question of jurisdiction of law /
supervisory system to which such transactions should be subjected,
2. It has added a new dimension to different kinds of risks traditionally associated with
banking, heightening some of them and throwing new risk control challenges,
3. Security of banking transactions, validity of electronic contract, customers privacy, etc.,
which have all along been concerns of both bankers and supervisors have assumed
different dimensions given that Internet is a public domain, not subject to control by any
single authority or group of users,
4. It poses a strategic risk of loss of business to those banks who do not respond in time, to
this new technology, being the efficient and cost effective delivery mechanism of banking
services,
5. A new form of competition has emerged both from the existing players and new players
of the market who are not strictly banks.
1.1.4 The Regulatory and Supervisory concerns in i-banking arise mainly out of the
distinctive features outlined above. These concerns can be broadly addressed under three
broad categories, viz, (i) Legal and regulatory issues, (ii) Security issues and (iii)
Supervisory and operational issues. Legal issues cover issues relating to the jurisdiction of
law, validity of electronic contract including the question of repudiation, legal / regulatory
environment and gaps between the existing and electronic trade etc. On the question of
jurisdiction the issue is whether to apply the law of the area where access to Internet has
been made or where the transaction has finally taken place. Allied too is the issue where
the income has been generated and who should tax such income. There are still no definite
answers to these issues.
1.1.5 Security of i-banking transactions is one of the most important areas of concerns to
the regulators. Security Issues include questions of adopting internationally accepted
state-of-the art minimum technology standards for access control, encryption, firewalls,
certification of digital signature, Public/Private Key Infrastructure (PKI) infrastructure etc.
The regulator is equally concerned about the security policy for the banking industry and
other issues like security awareness, education etc.
1.1.6 The supervisory and operational issues include risk control measures, advance
warning system, Information technology audit and re-engineering of operational
procedures. The regulator would also be concerned with whether the nature of products
and services offered are within the regulatory framework and whether the transactions do
not camouflage money-laundering operations.
1.1.7 The Central Bank may have its concern about the impact of INTERNET banking on
its monetary and credit policies. As long as Internet is used only as a medium for delivery
of banking services and facilitator of normal payment transactions, perhaps, it may not
impact monetary policy. However, when it assumes a stage where private sector initiative
produces electronic substitution of money like e-cheque, account based cards, digital
coins, etc. its likely impact on monetary system can not be overlooked. Even countries
where i-banking has been quite developed, its impact on monetary policy has not been
significant. In India, such concern, for the present is not addressed as the Internet banking
is still in its formative stage.
1.1.8 The world over, central bankers and regulators have been addressing themselves to
meet the new challenges thrown open by this form of banking. Several studies have
pointed to the fact that the cost of delivery of banking service through Internet is several
times less than the traditional delivery methods. This alone is enough reason for banks to
flock to Internet and to deliver more and more of their services through Internet and as
soon as possible. Not adopting this new technology in time has the risk of banks getting
edged out of competition. In such a scenario, the thrust of regulatory thinking has been to
ensure that while the banks remain efficient and cost effective, they must be aware of the
risks involved and have proper built-in safeguards, machinery and systems to manage the
emerging risks. It is not enough for banks to have systems in place, but the systems must
keep be constantly upgraded to changing and well-tested technologies, which is a much
bigger challenge. The other aspect is to provide conducive regulatory environment for
orderly growth of such form of banking. Central Banks of many countries have put in
place broad regulatory framework for i-banking.
1.1.9 In India, too i-banking has taken roots. A number of banks have set up banking
portals allowing their customers to access facilities like obtaining information, querying on
their accounts, etc. Soon, still higher level of online services will be made available. Other
banks will sooner than later, take to Internet banking. The Indian scenario is discussed in
detail in Chapter-IV of this report.
1.2 Constitution of the Working Group
1.2.1 In the above background Reserve Bank of India constituted a Working Group to
examine different issues relating to i-banking and recommend technology, security, legal
standards and operational standards keeping in view the international best practices. The
Group is headed by the Chief General Manager * in * charge of Department of
Information Technology and comprised experts from the fields of banking regulation and
supervision, commercial banking, law and technology. The Bank also constituted an
Operational Group under its Executive Director and comprising officers from different
disciplines in the bank, who would guide implementation of the recommendations. The
composition of both the Groups are at Appendix * 1 and Appendix * 2.
1.2.2 Terms of reference
The Working Group as its terms of reference was to examine different aspects of internet
banking from regulatory and supervisory perspective and recommend appropriate
standards for adoption in India, particularly with reference to the following:
1 Risks to the organization and banking system, associated with Internet banking and
methods of adopting International best practices for managing such risks.
2 Identifying gaps in supervisory and legal framework with reference to the existing
banking and financial regulations, IT regulations, tax laws, depositor protection, consumer
protection, criminal laws, money laundering and other cross border issues and suggesting
improvements in them.
3 Identifying international best practices on operational and internal control issues, and
suggesting suitable ways for adopting the same in India.
4 Recommending minimum technology and security standards, in conformity with
international standards and addressing issues like system vulnerability, digital signature
