Finance foreign-language translation: Risk Management Principles for Electronic Banking
Foreign-language translation

Foreign-language source material

The Basel Committee on Banking Supervision: "Risk Management Principles for Electronic Banking" (part):

Principle 6: Banks should ensure that appropriate measures are in place to promote adequate segregation of duties within e-banking systems, databases and applications.

Segregation of duties is a basic internal control measure designed to reduce the risk of fraud in operational processes and systems and ensure that transactions and company assets are properly authorised, recorded and safeguarded. Segregation of duties is critical to ensuring the accuracy and integrity of data and is used to prevent the perpetration of fraud by an individual. If duties are adequately separated, fraud can only be committed through collusion.

E-banking services may necessitate modifying the ways in which segregation of duties are established and maintained because transactions take place over electronic systems where identities can be more readily masked or faked. In addition, operational and transaction-based functions have in many cases become more compressed and integrated in e-banking applications. Therefore, the controls traditionally required to maintain segregation of duties need to be reviewed and adapted to ensure an appropri

Common practices used to establish and maintain segregation of duties within an e-banking environment include the following:

· Transaction processes and systems should be designed to ensure that no single employee/outsourced service provider could enter, authorise and complete a transaction.

· Segregation should be maintained between those initiating static data (including web page content) and those responsible for verifying its integrity.

· E-banking systems should be tested to ensure that segregation of duties cannot be bypassed.

· Segregation should be maintained between those developing and those administrating e-banking systems.

Principle 7: Banks should ensure that proper authorisation controls and access privileges are in place for e-banking systems, databases and applications.

In order to maintain segregation of duties, banks need to strictly control authorisation and access privileges. Failure to provide adequate authorisation control could allow individuals to alter their authority, circumvent segregation and gain access to e-banking systems, databases or applications to which they are not privileged.

In e-banking systems, the authorisations and access rights can be established in either a centralised or distributed manner within a bank and are generally stored in databases. The protection of those databases from tampering or corruption is therefore essential for effective authorisation control. Appendix III identifies a number of sound practices to help establish proper control over authorisation and access rights to e-banking systems, databases and applications.

Principle 10: Banks should take appropriate measures to preserve the confidentiality of key e-banking information. Measures taken to preserve confidentiality should be commensurate with the sensitivity of the information being transmitted and/or stored in databases.

Confidentiality is the assurance that key information remains private to the bank and is not viewed or used by those unauthorised to do so. Misuse or unauthorised disclosure of data exposes a bank to both reputation and legal risk. The advent of e-banking presents additional security challenges for banks because it increases the exposure that information transmitted over the public network or stored in databases may be accessible by unauthorised or inappropriate parties or used in ways the customer providing the information did not intend. Additionally, increased use of service providers may expose key bank data to other parties.

To meet these challenges concerning the preservation of confidentiality of key e-banking information, banks need to ensure that:

· All confidential bank data and records are only accessible by duly authorised and authenticated individuals, agents or systems.

· All confidential bank data are maintained in a secure manner and protected from unauthorised viewing or modification during transmission over public, private or internal networks.

· The bank’s standards and controls for data use and protection must be met when third parties have access to the data through outsourcing relationships.

· All access to restricted data is logged and appropriate efforts are made to ensure that access logs are resistant to tampering.

Chinese translation

Basel Committee on Banking Supervision: "Risk Management Principles for Electronic Banking" (part):

Principle 6: Banks should take appropriate measures within e-banking systems, databases and applications to ensure that duties are effectively segregated.

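Segregation of duties is one of the basic measures of internal control. It reduces the risk of fraud in operational processes and systems and ensures that transactions and bank assets are properly authorised, recorded and safeguarded. Segregation of duties ensures the accuracy and integrity of data and can also be used to prevent fraud by an individual. If duties are adequately segregated, fraud can only be committed through collusion.

Because the identity of a counterparty can easily be masked or faked when transactions take place over electronic systems, the existing methods of segregating duties need to be modified when e-banking services are provided. In addition, many operational and transaction functions in e-banking have become increasingly compressed and integrated. The traditional controls for segregation of duties therefore need to be re-examined and modified to ensure that an appropriate level of control is maintained. Because poorly secured databases can be accessed more easily through internal or external networks, stricter authorisation and identification procedures, a safe and sound straight-through processing architecture, and adequate audit trails need to be emphasised.

Common practices for establishing and maintaining segregation of duties in an e-banking environment include the following:

· Transaction processes and systems should be designed to prevent a single employee or outsourced service provider from entering, authorising and completing a transaction alone.

· Duties should be clearly separated between those who enter initial static data (including web page content) and those responsible for verifying its integrity.

· E-banking systems should be tested to ensure that segregation of duties is not omitted.

· Duties should be clearly separated between the developers and the administrators of e-banking systems.

Principle 7: Banks should ensure that appropriate authorisation controls and access privilege arrangements are in place for e-banking systems, databases and applications.

To maintain segregation of duties, banks need to strictly control authorisation and access privileges. Without adequate authorisation control, individuals could alter their own authority, circumvent segregation of duties and gain access to e-banking systems, databases or applications for which they are not authorised.

In e-banking systems, authorisations and access rights within a bank can be established in either a centralised or a distributed manner. For authorisation control to be effective, these databases must be protected from tampering or corruption.

Data integrity means ensuring that information in transit or in storage cannot be altered without authorisation. Failure to maintain the data integrity of transactions, records and information can expose a bank to financial losses as well as substantial legal and reputational risk.

The inherent nature of straight-through processing in e-banking may give rise to computer programming errors and make fraud difficult to detect at an early stage. It is therefore important that banks ensure safety, soundness and data integrity when implementing straight-through processing.

Because e-banking transactions are conducted over public networks, they are susceptible to data corruption, fraud and tampering with records. Banks should therefore ensure that appropriate measures are in place to ascertain the accuracy, completeness and reliability of e-banking transactions, records and information that are transmitted over the Internet, stored in internal bank databases, or transmitted or stored by third-party service providers acting on behalf of the bank. Common practices for ensuring data integrity in an e-banking environment include:

· Throughout the entire course of an e-banking transaction, it should be ensured that the possibility of data being tampered with is minimal.

· E-banking records should be stored, accessed and modified in a way that ensures the possibility of data being tampered with is minimal.

· E-banking transaction and record-keeping processes should be designed so that unauthorised changes cannot escape monitoring.

· Adequate change control policies, including monitoring and modification procedures, should be in place to protect e-banking systems against any intentional or unintentional change that could compromise their controls or data reliability.

· Any tampering with e-banking transactions or records can be detected through transaction processing, monitoring and record-keeping functions.

Principle 10: Banks should take appropriate measures to keep key e-banking information confidential. Confidentiality measures should be commensurate with the sensitivity of the information being transmitted and/or stored in databases.

Confidentiality means ensuring that key information remains exclusive to the bank and cannot be viewed or used by anyone who is not authorised. Misuse or unauthorised disclosure of this information can expose a bank to reputational and legal risk. The advent of e-banking makes security issues more prominent for banks, because information transmitted over public networks or stored in databases may be obtained by unauthorised or inappropriate parties, or used in ways that go against the customer's intent in providing it, all of which increase the bank's risk. In addition, banks' growing use of service providers increases the possibility that key bank data will be leaked.

To preserve the confidentiality of key e-banking information, banks need to ensure that:

· Confidential bank data and records are accessible only to duly authorised and authenticated individuals, agents or systems.

· Confidential bank data are kept secure during transmission over public, private or internal networks and protected from unauthorised viewing or modification.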
