25-03-2014, 10:03 PM
e-Banking Rules
[attachment=987]
Electronic Banking Definition:
The term “Electronic Banking” or “e-banking” is defined as remote banking services provided by authorized banks, or their representatives through devices operated either under the bank's direct control and management or under the outsourcing agreement. In other words, e-banking is an umbrella term for the process by which a customer may perform banking transactions electronically without visiting a branch and includes the systems that enable customers of banks, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet.
Services Exclusions
Usually, e-banking also involves phone banking and the use of automated teller machines (ATMs) but these are not covered under the above e-banking definition for the purpose of these Rules.
Furthermore, individual communications such as e-mail (digitally signed or otherwise) received by the Provider from a Customer outside the context of a remote banking service, are also not covered under this definition.
E-banking Evolution:
Technology developments and innovations are having a significant impact on the banking business. Banks face the challenge of adapting, innovating and responding to the opportunities provided by the technological advancements. The growth of e-banking has benefited enormously to banks and their customers. It has allowed banks to expand outreach, reduce transaction costs, improve efficiency, and provide virtual banking services. On the other hand, customers have benefited from efficient banking services at relatively lower costs and having the option to choose from alternate delivery channels. The e-banking has also facilitated swift movement of funds domestically and across borders.
This changing financial landscape has posed new challenges for banks and policymakers/supervisors. Banks now have increased reliance on technology to compete in an increasingly competitive business environment and thus need to effectively manage the IT security and other related risks. Central Banks and supervisory authorities are facing new challenges in banking supervision as well as in designing and implementing monetary policy. The growing scope of e-banking and increasing complexity of banking products and services demands continuous adaptation of regulatory framework and effective supervisory oversight.
E-Banking Rules:
In order to enable banks to protect customers’ information, reduce fraud incidents, and manage e-banking related risks as also to minimize the number of complaints from e-banking users, SAMA has decided to issue new “E-Banking Rules”. These Rules will replace the “Internet Banking Security Guidelines” issued in 2001.
Supervision of E-Banking:
Supervisory Approach:
SAMA’s supervisory approach is to establish and maintain a prudent regulatory framework for the growth of e-banking services in Saudi Arabia. Banks are expected to implement the risk management controls that are commensurate with the risks associated with the types, complexity and volume of transactions carried out and the electronic delivery channels adopted. They should adopt robust risk management processes and IT security measures consistent with their e-banking business strategy and the established risk tolerance level. The risk management controls established for e-banking should be fully integrated into the overall risk management systems. Banks are also expected to introduce elaborate processes to ensure timely resolution of security related issues.
Customer Protection and Education:
Rights and Liabilities of Banks and Customers:
Banks are expected to review customer contracts regarding rights and obligations of each contractual partner. Banks have to develop contracts which are:
Easy to understand; written in a clear and concise language (in Arabic and English) that any customer will understand. It should avoid the ambiguous words or phrases; which may give rise to dual-meaning.
Based on clear terms and conditions that should:
Ensure around the clock (24x7x365) availability. If there is any schedule maintenance downtime, customers should be informed well in advance.
Articulate the Service Level Agreement (SLA) between the bank and customer with a compensation program in case of failure to deliver e-banking service due to bank's mistakes or systems failure.
Explain and educate customers on how to use strong authentication mechanism (strong passwords for instance).
Use a secure messaging system when communicating with customers.
Clearly articulate the level of customer privacy and at what extent his/her information will be exposed internally within the bank.
Prohibit the bank from exposing customers' information to third parties.
Explain the process for handling customer complaints or objections with reasonable time frame to file a complaint or an objection.
Clearly explain the process of e-banking account activation and deactivation to protect customers when their accounts have been inactive for a long period of time.
Clearly explain the danger of customers using public networks/computers or international networks when they are abroad.
Explain in plain Arabic and English, the level of security the bank has undertaken to protect their assets and thus customers' information.
Provide customers with a process on how they can automatically block their own accounts (e.g. 5 successive attempts are made to gain access with an incorrect password). The bank is prohibited from blocking customers' accounts or service without assigning valid reasons and without prior notice to customer.
[attachment=987]
Electronic Banking Definition:
The term “Electronic Banking” or “e-banking” is defined as remote banking services provided by authorized banks, or their representatives through devices operated either under the bank's direct control and management or under the outsourcing agreement. In other words, e-banking is an umbrella term for the process by which a customer may perform banking transactions electronically without visiting a branch and includes the systems that enable customers of banks, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet.
Services Exclusions
Usually, e-banking also involves phone banking and the use of automated teller machines (ATMs) but these are not covered under the above e-banking definition for the purpose of these Rules.
Furthermore, individual communications such as e-mail (digitally signed or otherwise) received by the Provider from a Customer outside the context of a remote banking service, are also not covered under this definition.
E-banking Evolution:
Technology developments and innovations are having a significant impact on the banking business. Banks face the challenge of adapting, innovating and responding to the opportunities provided by the technological advancements. The growth of e-banking has benefited enormously to banks and their customers. It has allowed banks to expand outreach, reduce transaction costs, improve efficiency, and provide virtual banking services. On the other hand, customers have benefited from efficient banking services at relatively lower costs and having the option to choose from alternate delivery channels. The e-banking has also facilitated swift movement of funds domestically and across borders.
This changing financial landscape has posed new challenges for banks and policymakers/supervisors. Banks now have increased reliance on technology to compete in an increasingly competitive business environment and thus need to effectively manage the IT security and other related risks. Central Banks and supervisory authorities are facing new challenges in banking supervision as well as in designing and implementing monetary policy. The growing scope of e-banking and increasing complexity of banking products and services demands continuous adaptation of regulatory framework and effective supervisory oversight.
E-Banking Rules:
In order to enable banks to protect customers’ information, reduce fraud incidents, and manage e-banking related risks as also to minimize the number of complaints from e-banking users, SAMA has decided to issue new “E-Banking Rules”. These Rules will replace the “Internet Banking Security Guidelines” issued in 2001.
Supervision of E-Banking:
Supervisory Approach:
SAMA’s supervisory approach is to establish and maintain a prudent regulatory framework for the growth of e-banking services in Saudi Arabia. Banks are expected to implement the risk management controls that are commensurate with the risks associated with the types, complexity and volume of transactions carried out and the electronic delivery channels adopted. They should adopt robust risk management processes and IT security measures consistent with their e-banking business strategy and the established risk tolerance level. The risk management controls established for e-banking should be fully integrated into the overall risk management systems. Banks are also expected to introduce elaborate processes to ensure timely resolution of security related issues.
Customer Protection and Education:
Rights and Liabilities of Banks and Customers:
Banks are expected to review customer contracts regarding rights and obligations of each contractual partner. Banks have to develop contracts which are:
Easy to understand; written in a clear and concise language (in Arabic and English) that any customer will understand. It should avoid the ambiguous words or phrases; which may give rise to dual-meaning.
Based on clear terms and conditions that should:
Ensure around the clock (24x7x365) availability. If there is any schedule maintenance downtime, customers should be informed well in advance.
Articulate the Service Level Agreement (SLA) between the bank and customer with a compensation program in case of failure to deliver e-banking service due to bank's mistakes or systems failure.
Explain and educate customers on how to use strong authentication mechanism (strong passwords for instance).
Use a secure messaging system when communicating with customers.
Clearly articulate the level of customer privacy and at what extent his/her information will be exposed internally within the bank.
Prohibit the bank from exposing customers' information to third parties.
Explain the process for handling customer complaints or objections with reasonable time frame to file a complaint or an objection.
Clearly explain the process of e-banking account activation and deactivation to protect customers when their accounts have been inactive for a long period of time.
Clearly explain the danger of customers using public networks/computers or international networks when they are abroad.
Explain in plain Arabic and English, the level of security the bank has undertaken to protect their assets and thus customers' information.
Provide customers with a process on how they can automatically block their own accounts (e.g. 5 successive attempts are made to gain access with an incorrect password). The bank is prohibited from blocking customers' accounts or service without assigning valid reasons and without prior notice to customer.