
CBS Risks, Security Policy & Controls

  • Operational Risk: It is defined as the risk of direct or indirect loss to the bank arising from inadequate or failed internal processes, people and systems.



The components of operational risk include


  • People risk arises from lack of trained key personnel, tampering of records and unauthorized access.
  • Processing risk arises because of faulty computations or reporting.


  • Legal Risk arises because of the treatment of clients, the sale of products, or business practices of a bank.
  • Credit Risk: It is the risk that an asset or a loan becomes irrecoverable in the case of default, or the risk of an unexpected delay in the servicing of a loan.
  • Market Risk: Market risk refers to the risk of losses in the bank’s trading book due to changes in equity prices, foreign-exchange rates, commodity prices etc.
  • Strategic Risk: Strategic risk, sometimes referred to as business risk, can be defined as the risk that earnings decline due to a changing business environment, for example new competitors or changing demand of customers.
  • Compliance Risk: Compliance risk is exposure to penalties an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.


  • Ownership of Data/ Process: Data resides at DC. Establish clear ownership.
  • Authorization process: Anybody with access to the CBS, including the customer himself, can enter data directly. What is the authorization process?
  • Authentication procedures: These may be inadequate and hence the user entering the transaction may not be determinable or traceable.
  • Maintaining response time: Maintaining optimum response time and up time can be challenging.
  • User Identity Management: This could be a serious issue. Some banks may have more than 5000 users interacting with the CBS at once.
  • Access Controls: Designing and monitoring access control is an extremely challenging task.
  • Incident handling procedures: Incident handling procedures are used to address and manage the aftermath of a security breach or cyberattack.
  • Change Management: Though Change management reduces the risk that a new system or other change will be rejected by the users.
