DIGITAL BANKING SECURITY – QUO VADIS?
Implementing a robust security network across the bank leveraging on Operational Risk processes
Oliver Binder
Operational Risk CEE
UniCredit Bank Austria
Vienna, 11 September 2015
AGENDA
BACKGROUND
• Digital Banking on the Rise
• Cybercrime as the Dark Side of the Internet
NEW OPERATIONAL RISK CONCEPTS
• OpRisk Network as support of IT Security
• OpRisk Tools & Outlook
New Concepts – New Questions
INTERNET BANKING ON THE RISE IN EUROPE
Online banking penetration in the European Union (EU28) from 2007 to 2014*
*source: Statistica
BANKS HAVE TO REACT TO GLOBAL TRENDS AND INCREASING COMPETITION
• Development from cash to cheques, to credit cards and debit cards, and now to online banking and mobile commerce.
• Increasing competition through financial services offered by non-banking firms
• New means of transactions, e.g. paying with your smartphone, are becoming more and more popular
AS THE WORLD GOES MOBILE, CYBERCRIME WILL FOLLOW
KEY TRENDS
• Criminals target digital channel transactions of bank clients
• Criminals use vulnerabilities in banks' ICT system framework
• Criminals increasingly leverage big data analysis
Examples
• Phishing
• Rogue mobile applications/malware
• Account takeover
• Online channel attack
• Hacking/Hacktivism
• Big Data*: development and adaptation of malware based on analysis of client device configurations
Threats
• Loss of client data
• Loss of confidential internal data
• System damage
--> Reputational Risk
*Big data is an evolving term that describes any voluminous amount of structured, semi-structured and unstructured data that has the potential to be mined for information
A GLIMPSE ON THE GLOBAL DAMAGE CAUSED
Global cyber-crime likely cost individuals, companies and governments between $375 billion and $575 billion in 2013 (0.5% of global GDP)*
*source: Center for Strategic and International Studies, 2013
IT WILL BE A LONG ROAD TO SECURED DIGITAL BANKING.
Non-Secure --> Secure
• Increase clients' awareness
• Increase staff skills and mindset
• Personalized Security Settings for different channels
• Offline Security Structure supporting online security
• 2 Factor Authentication (Token, SMS, Mobile)
• PKI, Biometrics
• Fraud Detection Systems
• Real time SMS alerts
• Cooperation with GSM Operators and Phone Manufacturers
• Regular Mobile Security and Penetration Tests
UNICREDIT – BIG BANK, BIG CHALLENGES
Estonia, Latvia, Lithuania, Poland, Croatia, Serbia, Bosnia, Slovakia, Ukraine, Turkey, Hungary, Russia, Czech Rep., Slovenia, Austria, Bulgaria, Romania, Italy, Germany, Montenegro
Bank Austria Subholding
BA Group AMA LEs:
• UC Bank Austria (2007)
• Zagrebacka Banka (HR, 2007)
• Schoellerbank (AT, 2008)
• UCB Czech Republic (2008)
• UCB Slovakia (2008)
• UCB Slovenija (2008)
• UCB Hungary (2009)
• UC Tiriac Bank (RO, 2009)
• UC Bulbank (BG, 2010)
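UniCredit Group vs. Bank Austria Sub-holding
International network in 50 markets
• Countries: 17 European countries (UniCredit Group); Present in 13 countries (Bank Austria Sub-holding)
• Branches: ~ 8,500 (UniCredit Group); ~ 2,500 (Bank Austria Sub-holding)
• Employees: ~ 147,000 (UniCredit Group); ~ 47,000 (Bank Austria Sub-holding)
• ~ 40 million customers
• Total assets: € 844 billion (UniCredit Group); € 189 billion (Bank Austria Sub-holding)
• Headquarters: Milan (UniCredit Group); Vienna (Bank Austria Sub-holding)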
IDENTIFICATION & COOPERATION OF ALL AREAS IS KEY
[Organisation chart: UniCredit Bank Austria AG – Management Board. Board areas: CEO, HR, CRO, CFO, CEE, Commercial Banking, Corporates & IB, Private Banking. Units shown: Legal, ORGA, Compliance, Internal Audit, UBIS, Risk Management, OpRisk unit, Special Credit, Private Customers, Corporates, Security Office, Schoellerbank, Payment units. Bodies and functions: Operational & Reputational Risk Committee, OpRisk Management, CEE legal entities OpRisk functions. External: Police, Other banks, External institutes. "DORM" labels are attached to many of the boxes.]
VISION: ENHANCING OPPORTUNITIES AND REDUCING THREATS TO BUSINESS OBJECTIVES
Permanent Work Group
What?
• Analyzing operational loss data, KRIs and Scenarios
• Identify mitigation actions
• Reduce potential operational losses and key risks in the future
• Monitoring and facilitating of proceedings of strategically relevant initiatives
Who?
• Operational Risk (OpRisk)
• Organisation (ORGA)
• representatives from other relevant functions i.e. Business Divisions, Legal, Audit, Compliance, etc. if needed
How?
• Fostering proactivity, members take the initiative and areas actively promote topics
• Emergence of bilateral discussions – e.g. ORGA / Security
• Function as escalation body for previously uncovered topics
When?
• Bi-weekly operative Jour Fixe with ORGA
• Quarterly meeting with all major participants for decision taking
Effective execution of the PWG concept resulted in successful cooperation with key stakeholders and business
VISION: ENHANCING OPPORTUNITIES AND REDUCING THREATS TO BUSINESS OBJECTIVES
KEY SUCCESS FACTORS
• Establishing a good cooperation with stakeholders is crucial
• Regular meetings result in intense teamwork
• Set-up at an operative level in order to enable tangible results
• Involve all company employees through initiatives (idea management)
• Include the roll-out of the PWG concept into high priority programmes with clear management attention
OPERATIONAL RISK FRAMEWORK BANK AUSTRIA
WHERE WE COME FROM … AND WHERE WE WANT TO GO
Strategies
Mitigation actions
Process enhancement
Insurance
Internal loss data
External loss data
Scenario analysis
Key operational risk indicators
RAF*
Quantitative Requirement
Mitigation & Controlling
Integrated Risk Management
Integration in business strategies and day-to-day business decisions
Alignment of Risk management to managerial view
Active mitigation of OpRisk profile
A constant increase in awareness for operational risk
Active involvement of business divisions
Decentral OpRisk Framework
Sound basis for controlling and monitoring of risk profile
*Risk Appetite Framework
MULTI-CHANNEL EVOLUTION IN BANK AUSTRIA – WE AIM AT MAKING BANKING “SMARTER”
NEW BRANCH CONCEPTS – OPEN QUESTIONS
Are your new channels secure, both physically and electronically?
Can you meet all legal standards, e.g. data security laws?
Is your IT-infrastructure stable?
Are your internal processes aligned with the new concepts?
Are your employees and customers fit for the new challenges?
Are you ready to cover possible new emergencies?
What about your customers who want to stick with traditional channels?
ALL YOU NEED TO KNOW ABOUT DIGITAL BANKING…
ANY QUESTIONS?