摘要
网上银行是以因特网为媒介,为企业及个人客户提供的自助金融服务,它具有方便、快捷和高效的特点,越来越多的人开始尝试和接受这种新型的服务方式。网上银行操作风险是一个常青的话题,也是一个充满挑战性的话题。多年来,操作风险并没有引起金融机构的充分重视,因此也没有形成较为成熟的风险管理技术。
技术应用能以多种方式产生操作风险。其中,系统的安全问题是最突出的,因为银行的系统很有可能受到外部的攻击。与系统有关的还有源于系统设计或实施中的缺陷导致的操作风险。另外,操作风险也来源于客户的误操作。
近几年来,我国网上银行操作风险的来源主要有客户的错误操作、薄弱的技术支持力量以及人为的高科技犯罪。随着科技的发展以及网上银行业务规模的扩大,人为的高科技犯罪导致的操作风险比率必定会在一段时间内呈现上升的趋势,而且一旦发生会给银行带来非常巨大的损失和严重的负面影响。
我国网上银行操作风险产生的原因有其特殊性。第一,传统的金融监管模式不适应网络时代的发展。第二,我国银行普遍存在内控机制失效的现象。第三,我国银行业在对信息技术上的人力和物力的投入相对发达国家不足,技术力量比较薄弱。第四,现有法律框架对网络犯罪缺乏强有力的约束。第五,我国银行客户操作风险意识淡薄。
我国网上银行操作风险的控制应该从外部控制和内部控制两方面入手。其中,内部控制策略包括:第一,完善我国银行内控机制;第二,从技术层面上提高网上银行系统的可靠性;第三,加强对客户的管理,提高客户操作风险意识。外部控制策略包括:第一,强化我国网上银行的监管;第二,构建网络犯罪的预防打击机制,严惩网络经济犯罪。
Internet banking provides the financial services to the customers and business by the help of Internet. Because of the convenient, quick services that Internet banking has, more and more people begin to accept this kind of new product. Operational risk of Internet banking is a common topic full of challenges. For a long period of time, financial department have paid so little attention to operational risk that there is seldom some mature techniques of operational risk management.
Technical applications may lead to operational risk by all kinds of means, where risk of security is most evident because the banking system and products may be suffered by the attack everywhere. What's more, the deficiency of Internet banking system may be one of the reasons of operational risk. And the risk from the misuse of customers can not be ignored.
As for the operational risk situation of the Internet banking in China, a conclusion can be drawn is that in the past years, the operational risk mainly comes from the customers' misuse, the deficiency of the banking system and the illegal behaviors of banking employees and other people. However, it is nature that with the rapid development of network technology, the percent of illegal behavior through Internet must be on the increase during a period of time, and the loss for it is surely surprising. On the contrary, less customers' misuse which is responsible for operational risk will happen.
The reasons for the operational risk of Internet banking in China are complicated and diversified: at first, the present financial supervision is not appropriate for the network economy; secondly, the internal control of banking is not efficient; thirdly, the investment on the technology of Internet banking is not enough for the advanced field; fourthly, the legislation and regulation on network economy is relatively backward; at last, many customers lack of the experience of security.
The strategies on controlling the operational risk of Internet banking in China includes outside control strategies and internal control strategies. Internal control includes improving the reliability and security of Internet banking by the help of technical methods, strengthening customers' ideas on security and improving the level of internal control of bank. Outside control includes adjusting the present financial supervision and developing the legislation and regulation on network economy to limit and punish some people's illegal behaviors that brings the loss to bank or customers.
引文
[1] 王华庆.网上银行风险监管原理与实务.北京:中国金融出版社,2003,122-156
[2] Basel Committee Publications, Management and Supervision of Cross-Border Electronic Banking Activities. www.bis.org, 2002-10
[3] 乔立新,袁爱玲,冯英浚.建立网络银行操作风险内部控制系统的策略.商业研究,2003,(8):128-130
[4] 龚俭.计算机网络安全概论.南京:东南大学出版社,1997,55-75
[5] Basel Committee Publications, Risk Management for Electronic Banking and Electronic Money Activities. www.bis.org, 1998-03
[6] 樊欣,杨晓光.中国商业银行操作风险分析.madisl.iss.ac.cn.2003-11
[7] 任相新.对工行内控程序的思考.www.fcc.com.cn,2003-06-24
[8] 贡丹志.新巴塞尔协议与我国商业银行风险管理.www.zgjrj.com,2004-03-01
[9] 卓翔.网络犯罪对策研究.www.tyfw.net,2002-05-14
[10] 王雨田.控制论信息论系统科学与哲学.北京:中国人民大学出版社,1987,20-40
[11] 汪东京,孙好,林赞.网络挑战传统金融.金融与保险,2002,(12):105-106
[12] 田志刚.网上银行安全问题探讨.www.fcc.com.cn,2003-06-24
[13] 关振胜.公钥基础设施PKI与认证机构CA.北京:电子工业出版社,2002,30-50
[14] 彭建刚.现代商业银行资产负债管理研究.北京:中国金融出版社,2001,172-186
[15] 吴祖玉.信息系统工程基础.北京:人民邮电出版社,2001,4-10
[16] 高晓红.网络银行监管把握时代脉搏.金融电子化,2002,(4):26-29
[17] Basel Committee Publications, Sound Practices for the Management and Supervision of Operational Risk. www.bis.org, 2003-02
[18] Basel Committee Publications, Sound Practices for the Management and Supervision of Operational Risk. www.bis.org, 2003-02
[19] Basel Committee Publications, Risk management principles for electronic banking, www.bis.org,2003-07
[20] 高虎明,张方国,王育民.先进的现状与展望.网络安全技术与应用,2002,(3):25-28
[21] D.Chaum. Security without identification: transaction systems to make big
brother obsolete, Communication of ACM, 1985,(10): 1030-1044
[22] 陈恺.电子现金系统与公钥基础设施研究:[西安电子科技大学博士学位论文].西安:西安电子科技大学,2001,18-25
[23] 谭荣华.信息化时代的银行管理理念.金融电子化,2003,(8):6-8
[24] 新巴塞尔协议的风险新理念与我国国有商业银行全面风险管理体系的构建.金融研究,2003,(1):46-53
[25] 屈延文.金融风险监管的信息化和金融信息化风险技术的监管与控制.华南金融电脑,2002,(8):4-15
[26] Basel Committee Publications, Operational Risk Management. www.bis.org, 1998-10
[27] 金融系统电子商务联络与研究小组.电子商务——安全认证与网上支付.北京:人民出版社.2000,10-20
[28] 金峰.新巴塞尔协议与我国商业银行发展.广西社会科学,2003,(4):71-73
[29] 闻岳春.我国网络银行发展探讨.金融研究,1999,(10):67-70
[30] 黄聚河.论商业银行操作风险的产生及规避.商业研究,1999-09:127-129
[31] 陈龙兴.网上银行的风险及防范.山西科技,2003,(2):44-45
[32] Basel Committee Publications. The 2002 loss data collection exercise for Operational Risk: Summary of the Data Collected. www.bis.org, 2003-03
[33] 牛晓健,王胜英.从新巴塞尔协议看我国银行的风险管理.现代管理科学,2003,(1):17-18
[34] 孙强,郝亚斌.建立完善的信息化监管与服务制度框架体系.www.ccidnet.com,2004-04-05
[35] 汪卉.我国网络银行化解风险的对策.当代经济,2002,(12):29
[36] Basel Committee Publications. The 2002 loss data collection exercise for Operational Risk: Summary of the Data Collected. www.bis.org, 2003-03
[37] Basel Committee Publications. Management and Supervision of Cross-Border Electronic Banking Activities.www.bis.org, 2002-10
[38] 林艳.试析网上银行的安全性.信息安全与通信保密,2003,(2):42-43
[39] Basel Committee Publications, Working Paper on the Regulatory Treatment of Operational Risk.www.bis.org, 2001-09-28
[40] 王强.网络银行与电子支付.华南金融电脑,2002,(12):17-20
[41] 王旭东.新巴塞尔资本协议与商业银行操作风险量化管理.金融论坛,2004,(2):57-61
[42] 王广宇.中国银行业的风险管理.金融电子化,2003,(8):9-12