Foreign-Literature Translation for Finance Majors: Risk Management Principles for Electronic Banking
Foreign literature translation

Foreign source text

The Basel Committee on Banking Supervision: "Risk Management Principles for Electronic Banking" (part):

Principle 6: Banks should ensure that appropriate measures are in place to promote adequate segregation of duties within e-banking systems, databases and applications.

Segregation of duties is a basic internal control measure designed to reduce the risk of fraud in operational processes and systems and ensure that transactions and company assets are properly authorised, recorded and safeguarded. Segregation of duties is critical to ensuring the accuracy and integrity of data and is used to prevent the perpetration of fraud by an individual. If duties are adequately separated, fraud can only be committed through collusion.

E-banking services may necessitate modifying the ways in which segregation of duties are established and maintained because transactions take place over electronic systems where identities can be more readily masked or faked. In addition, operational and transaction-based functions have in many cases become more compressed and integrated in e-banking applications. Therefore, the controls traditionally required to maintain segregation of duties need to be reviewed and adapted to ensure an appropri

Common practices used to establish and maintain segregation of duties within an e-banking environment include the following:

· Transaction processes and systems should be designed to ensure that no single employee/outsourced service provider could enter, authorise and complete a transaction.
· Segregation should be maintained between those initiating static data (including web page content) and those responsible for verifying its integrity.
· E-banking systems should be tested to ensure that segregation of duties cannot be bypassed.
· Segregation should be maintained between those developing and those administrating e-banking systems.

Principle 7: Banks should ensure that proper authorisation controls and access privileges are in place for e-banking systems, databases and applications.

In order to maintain segregation of duties, banks need to strictly control authorisation and access privileges. Failure to provide adequate authorisation control could allow individuals to alter their authority, circumvent segregation and gain access to e-banking systems, databases or applications to which they are not privileged.

In e-banking systems, the authorisations and access rights can be established in either a centralised or distributed manner within a bank and are generally stored in databases. The protection of those databases from tampering or corruption is therefore essential for effective authorisation control. Appendix III identifies a number of sound practices to help establish proper control over authorisation and access rights to e-banking systems, databases and applications.

Principle 10: Banks should take appropriate measures to preserve the confidentiality of key e-banking information. Measures taken to preserve confidentiality should be commensurate with the sensitivity of the information being transmitted and/or stored in databases.

Confidentiality is the assurance that key information remains private to the bank and is not viewed or used by those unauthorised to do so. Misuse or unauthorised disclosure of data exposes a bank to both reputation and legal risk. The advent of e-banking presents additional security challenges for banks because it increases the exposure that information transmitted over the public network or stored in databases may be accessible by unauthorised or inappropriate parties or used in ways the customer providing the information did not intend. Additionally, increased use of service providers may expose key bank data to other parties.

To meet these challenges concerning the preservation of confidentiality of key e-banking information, banks need to ensure that:

· All confidential bank data and records are only accessible by duly authorised and authenticated individuals, agents or systems.
· All confidential bank data are maintained in a secure manner and protected from unauthorised viewing or modification during transmission over public, private or internal networks.
· The bank's standards and controls for data use and protection must be met when third parties have access to the data through outsourcing relationships.
· All access to restricted data is logged and appropriate efforts are made to ensure that access logs are resistant to tampering.

Chinese translation

The Basel Committee on Banking Supervision: "Risk Management Principles for Electronic Banking" (part):

Principle 6: Banks should take appropriate measures within e-banking systems, databases and applications to ensure that duties are effectively segregated.

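Segregation of duties is one of the basic internal control measures. It reduces the risk of fraud in operational processes and systems and ensures that transactions and bank assets are properly authorised, recorded and safeguarded. Segregation of duties ensures the accuracy and integrity of data and can also be used to prevent fraud by an individual. If duties have been adequately segregated, fraud can only be committed through collusion.

Because the identity of a counterparty is easily masked or faked when transactions take place over electronic systems, the existing methods of segregating duties need to be modified when e-banking services are provided. In addition, in e-banking many operational and transaction functions have become compressed and increasingly integrated. Therefore, the traditional segregation-of-duties controls need to be re-examined and modified to ensure that an appropriate level of control is maintained. Because it has become easier to gain access to poorly secured databases through internal or external networks, stricter authorisation and identification procedures, a safe and sound architecture for straight-through processes, and adequate audit trails need to be emphasised.

Common practices for establishing and maintaining segregation of duties in an e-banking environment include the following:

· Transaction processes and systems should be designed to prevent any single employee or outsourced service provider from entering, authorising and completing a transaction alone.
· Duties should be clearly separated between those who enter initial static data (including web page content) and those responsible for verifying its integrity.
· E-banking systems should be tested to ensure that segregation of duties cannot be omitted.
· Duties should be clearly separated between those who develop and those who administer e-banking systems.

Principle 7: Banks should ensure that proper authorisation controls and access privilege arrangements are in place for e-banking systems, databases and applications.

To maintain segregation of duties, banks need to strictly control authorisation and access privileges. Without adequate authorisation control, individuals could alter their own authority, circumvent segregation of duties and gain access to e-banking systems, databases or applications for which they are not authorised.

In e-banking systems, authorisations and access rights within a bank can be established in either a centralised or a distributed manner. For authorisation control to be effective, these databases must be protected from tampering or corruption.

Data integrity means ensuring that information in transit or in storage cannot be altered without authorisation. Failure to maintain the data integrity of transactions, records and information can expose banks to financial losses as well as to substantial legal and reputational risk.

The inherent nature of straight-through processes for e-banking may give rise to programming errors and make fraudulent activity difficult to detect at an early stage. It is therefore important that banks implement straight-through processing in a manner that ensures safety, soundness and data integrity.

Because e-banking is transacted over public networks, transactions are exposed to data corruption, fraud and tampering with records. Banks should therefore ensure that appropriate measures are in place to ascertain the accuracy, completeness and reliability of e-banking transactions, records and information that are transmitted over the Internet, stored in internal bank databases, or transmitted or stored by third parties providing services on behalf of the bank. Common practices for ensuring data integrity in an e-banking environment include:

· E-banking transactions should be conducted so that the likelihood of data being tampered with is minimal throughout the entire process.
· E-banking records should be stored, accessed and modified so that the likelihood of data being tampered with is minimal.
· E-banking transaction and record-keeping processes should be designed so that unauthorised changes cannot escape detection.
· Adequate change control policies, including monitoring and change procedures, should be in place to protect e-banking systems against any intentional or unintentional change that may compromise their controls or data reliability.
· Any tampering with e-banking transactions or records can be detected by transaction processing, monitoring and record-keeping functions.

Principle 10: Banks should take appropriate measures to preserve the confidentiality of key e-banking information. Confidentiality measures should be commensurate with the sensitivity of the information being transmitted and/or stored in databases.

Confidentiality means ensuring that key information remains exclusive to the bank and cannot be viewed or used by anyone who is not authorised. Misuse or unauthorised disclosure of this information can expose a bank to reputational and legal risk. The advent of e-banking makes security issues more prominent for banks, because information transmitted over public networks or stored in databases may be obtained by unauthorised or inappropriate parties, or used in ways the customer did not intend when providing it, all of which increase the bank's risk. In addition, banks' increasing use of service providers also raises the likelihood that key bank data will be exposed.

To preserve the confidentiality of key e-banking information, banks need to ensure that:

· Confidential bank data and records are accessible only to duly authorised and authenticated individuals, agents or systems.
· Confidential bank data are kept secure and protected from unauthorised viewing or modification during transmission over public, private or internal networks.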
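An added example, not part of the Basel text or the original page: one way to make access logs tamper-evident, as the last Principle 10 practice in the source text asks, is to chain each entry to its predecessor with an HMAC. The record fields, the key and the sample entries are constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # chain anchor for the first entry


def _tag(key, prev_tag, record):
    """HMAC over the previous tag plus a canonical encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()


def append_entry(log, key, user, resource, action, ts):
    """Append one access record, chained to the entry before it."""
    record = {"ts": ts, "user": user, "resource": resource, "action": action}
    prev = bytes.fromhex(log[-1]["tag"]) if log else GENESIS
    log.append({"record": record, "tag": _tag(key, prev, record).hex()})
    return log[-1]["tag"]  # head tag: keep a copy outside the log store


def verify_log(log, key, expected_head=None):
    """Return (ok, index of first bad entry or None, reason)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        want = _tag(key, prev, entry["record"])
        if not hmac.compare_digest(want, bytes.fromhex(entry["tag"])):
            return False, i, "entry altered, inserted, or predecessor removed"
        prev = want
    if expected_head is not None and prev.hex() != expected_head:
        return False, len(log), "log truncated or head mismatch"
    return True, None, "ok"


def demo():
    key = b"constructed-demo-key"  # assumption: a real key is held in an HSM/KMS
    log = []  # constructed sample access records
    append_entry(log, key, "teller17", "acct/1001", "read", "2024-01-05T09:00:00Z")
    append_entry(log, key, "dba03", "acct/1001", "export", "2024-01-05T09:02:10Z")
    head = append_entry(log, key, "teller17", "acct/2040", "read", "2024-01-05T09:05:44Z")
    results = {"clean": verify_log(log, key, head)}
    edited = json.loads(json.dumps(log))  # deep copy of the log
    edited[1]["record"]["user"] = "teller17"  # rewrite who ran the export
    results["edited"] = verify_log(edited, key, head)
    results["deleted"] = verify_log(log[:1] + log[2:], key, head)
    results["truncated"] = verify_log(log[:2], key, head)
    return results
```

Dropping entries from the end leaves a valid chain, so truncation is caught only because the head tag is compared against a copy stored elsewhere. In keeping with Principle 6, the HMAC key and that head copy should be held by someone other than the administrators who can write to the log store.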
