OB-1.1.6

Entire section

Link

Print

Location:

Operational risk in AISPs' and PISPs' activities include the risk of loss of confidential customer data, financial loss or reputational loss resulting from inadequate or failed internal processes, people, technology and systems, or from external events including risks of internal and external frauds and cyber threats. In assessing potential operational risk, the following are some of the factors that may affect the licensee's risk exposure:

(a) Lack of governance, board and management oversight;

(b) Inadequate internal controls;

(c) Insufficient transaction monitoring;

(d) Failure of information technology through breakdown, incompatibility of legacy systems and poor scalability, poor security, etc.;

(e) Failure or insufficient cyber and information security controls;

(f) Failure of processes and procedures;

(g) Internal and external fraud;

(h) Legal risks;

(i) Outsourcing risk;

(j) Business continuity and disaster recovery; and

(k) Reputational risks.

Added: December 2018