Risk Watch with Alberta QUARCOOPOME: The System/IT Risk Factor


–  A risk management perspective

“Don’t be fearful of risks. Understand them, and manage and minimize them to an acceptable level.” ― Naved Abdali

This week, I am continuing with certain aspects of operational risk in banking which have been covered in my latest book: The Modern Branch Manager’s Companion. Here are some excerpts from the book…

What is System/IT Risk?

This is related to the losses arising from disruption of business or systems. Events that cause these risks are data corruption, computer viruses, telecommunication failures and utility disruptions. System issues are usually bank-wide and not necessarily a branch problem. Most problems relating to the banking application software are general. However, let us look at a few cases of red flags at the branch level which should not be underrated:

Users’ Misunderstanding of the Banking Concepts embedded in the Banking Software

Technology, aided by the internet, has made banking relatively easy. However, many users do not appreciate the fact that it only facilitates transactions and does not replace the human element. Not giving data entry personnel the needed training and background to the transactions they perform is really an avenue for disaster. Data entry without the requisite understanding of the implications is the first red flag. Customer service involves not only speed and accuracy, but also an understanding of the workings of the systems to reduce errors. Particular attention needs to be paid to the double-entry principle in Accounting, the reasons behind the creation of the suspense accounts in banking, and how they should be monitored to prevent overdue transactions which can be manipulated into frauds and losses to the bank.

Users with Dual Access to Perform Front and Back Office Transactions

In small branches, there is a tendency for staff to do more teamwork and multi-tasking in order to close early. This is a good practice but it should be managed to ensure that data entry rights are well segregated. Unless the banking application is very much fool-proof, Tellers having access to general ledger data entry rights breach the segregation of duty principle in banking operations. We should avoid a situation where a manager equally has clerical data entry rights.

Managers performing data entry functions

I have witnessed some situations where branch managers perform both data entry as well as authorization and over-ride transactions! This is a definite NO! Shortage of staff may occasionally be treated as an emergency and exceptional rights given by the IT department. This exception should, however, be reversed by close of day.

Availability of Access Rights to Users who are on transfer, leave or exited

Managers need to have regular checks on the data entry access rights of users in the branch to avoid cases of staff visiting the branch while on leave or even on transfer and checking their balances or sometimes performing data entry to assist! The e-banking facilities are there for such enquiries. Does your system continue to have names of ex-staff as data entry users? It may sound awkward but it can be abused. Have you ever come across a system transaction list of data entry staff for a particular day including a member of your branch who is on leave? That is strange and needs quick verification and follow-up before something fishy happens. Certain events of user rights of staff on leave have caused some upsets to some banks. It may be the tip of the iceberg.

Leaving the Banking Application System Open

  • Is your system so slow that staff who want to be away briefly do not want to shut down?
  • Do your staff leave the system on when they go to the rest room or out for lunch?
  • Do your staff leave the system on when they close early, to enable their colleagues to continue their work for them?
  • Do your staff allow interns to work in their system without the necessary close marking?

Constant System “freezes”

  • Are your computers slow and outdated? Some of the “freezes” are accompanied by system errors when the system resumes. Your customers’ data can be corrupted.
  • Do you just accept every explanation given by the IT department during system issues, without seeking a thorough explanation? Perhaps you can even minimize some of the effects at your branch with some effort and monitoring of your own.

Frequent “error correction” or reversal of data entries

  • Do you notice specific data-entry personnel who regularly make mistakes that require correction?

There have been several cases of these “corrections” deliberately done to cover up some frauds. Check the audit trail of such transactions for possible regular names and closely examine the other transactions performed by these users.
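The audit-trail review described above, together with the earlier checks for data entry by staff on leave or exited and for managers who both key and authorize a transaction, can be run over a day's transaction list. The following is an added example, not taken from the book or from any banking application; the record layout, user names and the reversal threshold are assumptions, and the data is constructed.

```python
from collections import Counter

# Constructed HR status list (assumed values: active, leave, transfer, exited).
STAFF_STATUS = {"kofi": "active", "ama": "leave", "yaw": "exited",
                "esi": "active", "mgr1": "active"}

# Constructed audit trail: (txn_id, entered_by, authorised_by, kind).
AUDIT_TRAIL = [
    ("T001", "kofi", "mgr1", "posting"),
    ("T002", "ama", "mgr1", "posting"),    # ama is on leave
    ("T003", "mgr1", "mgr1", "posting"),   # manager keyed and authorised
    ("T004", "esi", "mgr1", "reversal"),
    ("T005", "esi", "mgr1", "reversal"),
    ("T006", "esi", "mgr1", "reversal"),
    ("T007", "yaw", "mgr1", "posting"),    # yaw has exited
    ("T008", "kofi", "mgr1", "reversal"),
]


def review_audit_trail(trail, staff_status, reversal_limit=2):
    """Return the three branch-level red flags found in one day's trail."""
    findings = {"inactive_user": [], "self_authorised": []}
    reversals = Counter()
    for txn_id, entered_by, authorised_by, kind in trail:
        # Users missing from the HR list are treated as suspicious too.
        status = staff_status.get(entered_by, "unknown")
        if status != "active":
            findings["inactive_user"].append((txn_id, entered_by, status))
        # Segregation of duties: the same person must not enter and authorise.
        if entered_by == authorised_by:
            findings["self_authorised"].append((txn_id, entered_by))
        if kind == "reversal":
            reversals[entered_by] += 1
    # Names that recur on corrections more often than the assumed limit.
    findings["frequent_reversals"] = sorted(
        user for user, count in reversals.items() if count > reversal_limit)
    return findings


if __name__ == "__main__":
    for check, hits in review_audit_trail(AUDIT_TRAIL, STAFF_STATUS).items():
        print(check, hits)
```

A name on the frequent-reversals list is a prompt to examine that user's other transactions, not proof of fraud.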

The “Long Necks”

Whether it is just an odd habit or deliberately done, there are certain people who cannot just look away when others are keying their passwords. Whether it is deliberate or not, one has to quickly change one’s password, even if the “long neck” belongs to a senior colleague.

Exchanging Passwords

This is a basic caution which is given to staff during induction on the first day at work but the directive continues to be flouted everywhere. Many friendships have been broken when one person abused the trust. In banking, we always say, “Trust but Verify”. Giving away one’s password is like giving away one’s life jacket to another person while swimming!

On-line Banking

  • Be suspicious of any emails requesting confidential information. There is a need to verify the request with the company or individual named in the email. Just clicking on a malicious web link can infect your computer.
  • Limit the amount of personal information you provide on social networking sites.
  • Use strong passwords. “Treat your password like a toothbrush; change it often, and don’t ever share it. Strong passwords are the first line of defence in your online kingdom” … By William Deutsch, About.com Guide

Although many serious system risks around the world were not necessarily at the branch, a few global cases will be useful to know.

Business Disruption

Some banks’ websites across the world have been hit by large-scale cyber attacks. Sometimes, such attacks leave millions of customers without access to online services.

In 2016, an unknown group launched a so-called “denial of service” attack on Britain’s largest bank, crashing web-based services for about seven hours. Full internet services were restored and no customer data was compromised as a result of the attack.

In Ghana, we have also witnessed a few cyber attacks on state institutions, leading to denial of services. Let us continue to be vigilant and prevent major system crises in our workplaces. I hope these basic reminders are useful.

For more insights on this topic, please book a copy of my new book, “THE MODERN BRANCH MANAGER’S COMPANION” which involves the adoption of a multi-disciplinary approach in the practice of today’s branch management. It also shares invaluable insights on the mindset needed to navigate and make a difference in the changing dynamics of the banking industry. Call 0244333051 for your doorstep delivery.

ABOUT THE AUTHOR

Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the author of three books: “The 21st Century Bank Teller: A Strategic Partner”, “My Front Desk Experience: A Young Banker’s Story” and “The Modern Branch Manager’s Companion”. She uses her experience and practical case studies, training young bankers in operational risk management, sales, customer service, banking operations and fraud.

CONTACT

Website www.alkanbiz.com

Email: alberta@alkanbiz.com

Tel: +233-0244333051/+233-0244611343
