ESTRATEGIA 7 – ASOCIACIÓN DE CONTENIDOS 122

The state of IT implementation and IT supervisory framework in SEACEN member countries raises issues and challenges that need to be addressed by the efforts taken by the individual countries as well as by concerted efforts from all the SEACEN member countries. IT risk is an integrated part of the overall risks that a financial institution runs in conducting its business. However, the heterogeneity in the IT implementation and the state of IT supervisory frameworks of SEACEN member countries present different sets of issues to the three different groups of countries identified earlier. This research study identifies some common issues and challenges faced in the region, although the intensity levels can be different across countries. The levels of IT implementation in this section refer to the three different levels of IT implementation found in the region described in the beginning of section 3.4.

4.1 Issues

4.1.1 The Lack of IT Awareness

IT awareness is related to the awareness by the banking society (banks and bank customers) and bank supervisors. In the case of countries in level 1 of IT implementation, this issue is related to the awareness of bank customers about the mechanism of IT-supported products, and the risks that they are facing when they do not put sufficient emphasis on the IT security aspect of the products and ensure the privacy and integrity of their own financial information. Countries in the level 2 IT implementation are more concerned about the awareness of banks on the standards of their IT practices and the awareness of the bank supervisors about the inherent risk in the IT implementation by banks. The lack of IT awareness leads to the negligence of IT risks that can potentially cause IT failure that may halt operations resulting in repair, recovery and opportunity cost.

31

4.1.2 Higher Level Legal Base

Efforts to increase the level of a legal framework on IT practices are still needed. This is a requirement for all countries for the effective enforcement in implementing good IT governance as well as preventing irresponsible behaviour related to IT implementation. A stronger legal infrastructure provides a stronger foundation in enforcing the IT supervisory framework and promotes IT awareness in society. For countries that have not established their IT supervisory frameworks, the law on IT practices in the country can become the foundation for their IT supervisory frameworks.

4.1.3 The Development of IT Infrastructure

The development of IT infrastructure is also an issue that needs to be addressed continuously. For countries with level 1 IT implementation, the development of IT infrastructure will be focused on the provision of a more efficient and cheaper communication service and payment system without sacrificing the integrity and security of the systems. For countries in level 2 and 3, the development will be focused on the provision of communication technology that can support the inter-bank network and connection to bank customers. This includes having an effective IT-supported national payment system and RTGS.

4.1.4 The Heterogeneity of IT Implementation

The heterogeneity of the IT implementation within one country as well as across countries in the region raises the issue of compatibility among IT systems of SEACEN financial institutions. This also raises an issue of having a minimum standard for IT implementation in the region. The different levels of IT implementation also requires different intensities of IT supervision.

4.1.5 Improvement of IT Security

IT security is always an important aspect in IT implementation by financial institutions. Countries in group 2 and 3 still have some ways to go to before the quality of their IT security meets best practices. Countries in group 1 are focusing on the more sophisticated methods for IT security since the financial institutions in these countries are becoming more dependent on IT systems.

4.1.6 Enforcement of IT Good Governance

Enforcement of IT risk management in the financial institutions is another issue faced by the countries in review. Countries in group 1 are focusing on enforcement of their IT supervisory frameworks, while countries in group

2 are incorporating IT examination in their bank supervision practices and improving their IT supervisory framework. Enforcing IT risk management will help increase IT good governance by financial institutions.

4.2 Challenges

1. Bringing IT implementation in SEACEN financial institutions to a level playing field.

Given the state of IT implementation in SEACEN member countries, bringing the IT implementation by SEACEN financial institutions to a level playing field becomes a challenge. This challenge becomes even more urgent with the plan to initiate the ASEAN Economic Community in 2015. The strong relationship amongst the SEACEN member countries makes it possible to promote IT awareness in the region and spillover of knowledge of IT implementation to accelerate the process.

2. Establishing effective prudential regulations in IT implementation

The competition amongst financial institutions in implementing IT can create a kind of “euphoria” in IT development with disregard to issues of security and integrity which can lead to reckless IT practices. Central banks, as the banking authorities, are challenged to implement effective prudential regulations to ensure IT risks can be controlled. In this way, the benefits of IT implementation can be gained without sacrificing the integrity of the financial institutions.

3. Improving IT risk management

The challenge to improve IT risk management in the region with or without formal IT supervisory frameworks is always there in any country. Central banks should also take advantage of the availability of standards and best practices for IT management and security in designing and improving their IT supervisory framework. Learning from the strengths and weaknesses of the frameworks implemented in other countries is also essential. This can be encouraged in the SEACEN region, since there are already countries with established IT supervisory frameworks and thereby able to share their experiences in designing their frameworks.

4. Keeping up with the global financial market

The increasing integration of the global financial market has made cross border e-banking products additional services offered by banks with sophisticated IT system. By implementing standardised IT system, banks

33

can better mitigate the additional IT risks which stem from the cross border e-transactions. These risks involve the system compatibility and information integrity with the use of international telecommunication channels. However, banks have to also consider the additional country risk added to any cross border e-banking products. Local bank supervisors have to take the role of ensuring the local banks are incorporating the additional IT risks and country risk inherent in the cross border e-banking products within the overall bank’s risk management. In addition, bank supervisors also have to monitor the possibility of increasing risks in the cross border e-banking transactions given the different country risks and the development of the global financial market conditions faced by the local banks.