Risks in computer and telecommunication systems

The speed of technological innovation in computers and telecommunications in recent years and the integration of automated operations are increasing the dependence of banks on the reliability and continuity of their EDP systems.

Banks have always been exposed to risks such as error and fraud but the scale of those risks and the speed with which they can arise have changed dramatically. Furthermore, with computerised settlement systems, interbank lending relations now circle the globe in intertwining networks. Once a bank becomes unable to pay because of system problems, default, or any other reason, the banks that have loans outstanding to that bank also incur bad debts and the default is passed along the system in a chain reaction that threatens to envelop and paralyse the entire settlement system.

The types of risk which characterise an EDP environment and the security and control procedures it requires deserve the full attention of supervisors. This note addresses the following types of risks: improper disclosure of information, error, fraud, interruption of business due to hardware or software failure, ineffective planning and risks associated with end-user computing operations.

This paper has been prepared for reference by supervisory authorities in a wide range of jurisdictions. It is not designed as a technical paper for experts in the topic but seeks rather to flag the major problem areas of which supervisors need to be aware.