Skip to Content
Whole SectionText only Print Print Manager Link

OB-1.1.6

Operational risk in AISPs' and PISPs' activities include the risk of loss of confidential customerG data, financial loss or reputational loss resulting from inadequate or failed internal processes, people, technology and systems, or from external events including risks of internal and external frauds and cyber threats. In assessing potential operational risk, the following are some of the factors that may affect the licensee's risk exposure:

(a) Lack of governance, board and management oversight;
(b) Inadequate internal controls;
(c) Insufficient transaction monitoring;
(d) Failure of information technology through breakdown, incompatibility of legacy systems and poor scalability, poor security, etc.;
(e) Failure or insufficient cyber and information security controls;
(f) Failure of processes and procedures;
(g) Internal and external fraud;
(h) Legal risks;
(i) Outsourcing risk;
(j) Business continuity and disaster recovery; and
(k) Reputational risks.
Added: December 2018
 Versions
(1 Version)
 
Dec 1 2018 onwards
Back to top