WASHINGTON — The Basel Committee on Banking Supervision has issued guidelines for electronic banking that emphasize how traditional risks translate into the cyber world.

Electronic banking did not create risks but “increased and modified some of the traditional risks associated with banking activities, in particular strategic, operational, legal, and reputational risks, thereby influencing the overall risk profile of banking,” the committee’s electronic banking group wrote in a report that spells out 14 risk management principles to guide such activities.

The group, led by Comptroller of the Currency John D. Hawke Jr., issued the guidelines Thursday after working on them since November 1999, and it will now begin developing principles for cross-border cooperation among banking supervisors.

“Our goal is to alert financial institutions and their supervisors to the nature of risks in electronic banking,” Mr. Hawke said. “We expect bankers will put these principles to use as they develop their own customized approaches to risk mitigation.”

The guidelines are divided into three categories: board and management oversight, security controls, and legal and reputation risk management.

“After all is said and done, management recognition of the risks inherent in e-banking and the need for an integrated risk management system are fundamental if the specific risks that are addressed in the other 13 principles are to be properly controlled,” Mr. Hawke said.

He acknowledged that the guidelines are nonbinding but said the committee’s intent was to amass the collective wisdom and experiences of bankers everywhere.

The 33-page report makes common-sense recommendations such as: “Security profiles should be created and maintained and specific authorization privileges assigned to all users of e-banking systems and applications,” including customers and internal bank users.

The report also advises: “Sufficient logs should be maintained for all e-banking transactions to help establish a clear audit trail and assist in dispute resolution.”

Finally, the report reminds bankers “to ensure that third-party service providers have confidentiality and privacy policies that are consistent with their own.”

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.