巴塞尔《电子银行业务风险管理原则》(部分)中英双板

《巴塞尔《电子银行业务风险管理原则》(部分)中英双板》由会员上传分享，免费在线阅读，更多相关内容在行业资料-天天文库。

1、外文翻译外文资料TheBaselCommitteeonBankingSupervision：《RiskManagementPrinciplesforElectronicBanking》（part）:Principle6:Banksshouldensurethatappropriatemeasuresareinplacetopromoteadequatesegregationofdutieswithine-bankingsystems,databasesandapplications.Segregationofdutiesi

2、sabasicinternalcontrolmeasuredesignedtoreducetheriskoffraudinoperationalprocessesandsystemsandensurethattransactionsandcompanyassetsareproperlyauthorised,recordedandsafeguarded.Segregationofdutiesiscriticaltoensuringtheaccuracyandintegrityofdataandisusedtopreventt

3、heperpetrationoffraudbyanindividual.Ifdutiesareadequatelyseparated,fraudcanonlybecommittedthroughcollusion.E-bankingservicesmaynecessitatemodifyingthewaysinwhichsegregationofdutiesareestablishedandmaintainedbecausetransactionstakeplaceoverelectronicsystemswhereide

4、ntitiescanbemorereadilymaskedorfaked.Inaddition,operationalandtransactionbasedfunctionshaveinmanycasesbecomemorecompressedandintegratedine-bankingapplications.Therefore,thecontrolstraditionallyrequiredtomaintainsegregationofdutiesneedtobereviewedandadaptedtoensure

5、anappropriatelevelofcontrolismaintained.Becauseaccesstopoorlysecureddatabasescanbemoreeasilygainedthroughinternalorexternalnetworks,strictauthorisationandidentificationprocedures,safeandsoundarchitectureofthestraight-throughprocesses,andadequateaudittrailsshouldbe

6、emphasised.Commonpracticesusedtoestablishandmaintainsegregationofdutieswithinane-bankingenvironmentincludethefollowing:·Transactionprocessesandsystemsshouldbedesignedtoensurethatnosingleemployee/outsourcedserviceprovidercouldenter,authoriseandcompleteatransaction.

7、·Segregationshouldbemaintainedbetweenthoseinitiatingstaticdata(includingwebpagecontent)andthoseresponsibleforverifyingitsintegrity.·E-bankingsystemsshouldbetestedtoensurethatsegregationofdutiescannotbebypassed.·Segregationshouldbemaintainedbetweenthosedevelopingan

8、dthoseadministratinge-bankingsystems.Principle7:Banksshouldensurethatproperauthorisationcontrolsandaccessprivilegesareinplacefore-bankingsystems,databas