Introductory seminar: Remote banking - Internet banking law. Etienne Wéry, Attorney at law at the Brussels and Paris Bars, ULYS.

1 Introductory seminar: Remote banking - Internet banking law. Etienne Wéry, Attorney at law at the Brussels and Paris Bars, ULYS law firm

2 Introduction
Seminar - 6 modules:
– Concepts and changes/convergence in the sector: features (I)
– Information obligations: Know your customer - Anti-money laundering and the financing of terrorism - Special liabilities (II)
– Security: internet fraud (III)
– Internet financial services and e-payments (IV)
– Contracts: Study case (V)
– Summary of European law (VI)

3 Module I Concepts and changes/convergence in the sector: features

4 Notions
Internet banking refers to the use of the Internet as a remote delivery channel for banking services:
– services include the traditional ones, such as opening an account or transferring funds to different accounts, and new banking services, such as electronic online payments (allowing customers to receive and pay bills on the bank's web site) or financial transactions (acquisition, transfer, sale of securities etc.).
Characteristics of Internet banking include:
– the unprecedented speed of change related to technological and customer service innovation
– the ubiquitous and global nature of the Internet
– the integration of Internet banking applications with legacy computer systems, and
– the increasing dependence of banks on third parties that provide the necessary information technology.

5 Notions (2)
A bank can perform Internet activities in one or more of the following ways:
– Informational: this is the basic level of Internet banking, marketing information about the bank's products and services on a stand-alone server
– Communicative: this type of Internet banking system allows some interaction between the bank's systems and the customer (electronic mail, account inquiry, loan applications or static file updates (name and address changes))
– Transactional: this level of Internet banking allows customers to directly execute transactions with financial implications:
  – a basic transactional site only allows a transfer of funds between the accounts of one customer and the bank
  – an advanced transactional site provides a means for generating payments directly to third parties outside of the bank

6 Risks
Risks associated with Internet banking:
– Consistency of technology
– Compliance with corporate policies and legal requirements
– Data and service availability, including business recovery planning
– Data integrity, including providing for safeguarding of assets, proper authorisation of transactions and reliability of the data flow
– Data confidentiality and privacy standards, including controls over access by both employees and customers

7 Risks (2)
Security risks associated with Internet banking:
– Customer security practices / Authentication of customers
– Nonrepudiation and accountability of transactions
– Segregation of duties
– Authorisation controls within systems, databases and applications
– Internal or external fraud (see Module III)
– Data integrity of transactions, databases and records
– Audit trails for transactions
– Confidentiality of data during transmission
– Third-party security risk

8 Changes/Convergence
The number of customers who choose online banking as their preferred method of dealing with their finances is growing rapidly. The day may come when cash will be obsolete.
Convergence phenomenon: for instance, banking via cellphone or PDA as the next option seemed impossible, but technology has already proved the skeptics wrong.

9 Module II Information obligations: Know your customer - Anti-money laundering and the financing of terrorism - special liabilities

10 Know your customer
Due diligence or enhanced due diligence (EDD) to identify the clients and ascertain relevant information pertinent to doing financial business with them:
– Committee on Banking Regulations and Supervisory Practices of the G 10: the Basle Statement of Principles covers all aspects of laundering through the banking system.
– Customer Identification - "Know your Customer" (KYC).
– Financial Action Task Force on Money Laundering (FATF) of G-7

11 Anti-money laundering
All financial firms must demonstrate effective money laundering procedures. To be compliant, firms must provide sufficient Customer Information to prove customer identity for both new and existing clients as follows:
–> Customer ID – electronic ID (who are they)
–> Risk Assessment (country of origin, any political affiliation, movement of funds, etc.)
–> Validation (on any black lists)
–> Existing customers need to be monitored in terms of their transactional behaviour

12 Combating the financing of terrorism
Money laundering is the process where cash raised from criminal activities is made to look legitimate for re-integration into the financial system, whereas terrorist financing cares little about the source of the funds: it is what the funds are to be used for that defines its scope.
– International Convention for the Suppression of the Financing of Terrorism (UN 1999)
– US Patriot Act
– European Regulation (EC) of 27 December 2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism
– United Nations Resolution (sanction and freezing of assets of terrorists) and Recommendations of the Financial Action Task Force on Money Laundering (GAFI)

13 Liabilities
Some specific legal issues related to secure electronic banking:
General duty of care in case of a professional service provider in the financial sector
– role of service level agreements with key suppliers (outsourcing), industry standards and best practices
– the Basel Committee presented a document 'Risk Management Principles for Electronic Banking' (risk management principles and sound practices)
Liability under Electronic Transfer of Funds legislations
Impact of possible application of consumer legislation
Legal security obligations in case of personal data processing
Legal security obligation for publicly available communications services
US Sarbanes Oxley Act (SOX)

14 Module III Security: internet fraud

15 Protection through password authentication is not secure enough for personal online banking applications.
Online banking user interfaces are secure sites generally employing the https protocol, and traffic of all information, including the password, is encrypted: this reduces the possibility for a third party to obtain or modify information after it is sent.
Encryption alone does not rule out the possibility of hackers gaining access to vulnerable home PCs and intercepting the password as it is typed in (keystroke logging); there is also the danger of password cracking and of physical theft of passwords written down by careless users.

16 Internet fraud
Second layer of security:
– use of transaction numbers or TANs (single use passwords)
– use of two passwords, only random parts of which are entered at the start of every online banking session;
– providing customers with security token devices capable of generating single use passwords unique to the customer's token (the two-factor authentication or 2FA);
– using digital certificates, which digitally sign or authenticate the transactions, by linking them to the physical device (e.g. computer, mobile phone, etc.).
Setting up a combination of controls that recognize a customer's computer, ask additional challenge questions for risky behavior, and monitor for fraudulent behavior.
An increasingly common criminal practice to gain access to a user's finances is phishing, whereby the user is persuaded to hand over their password(s) to a fraudster.

17 Recent example in Belgium
Since 2005, there have been 52 cases in Belgium of bank accounts managed via the internet being plundered. Nearly euros were taken from the accounts. For the first time, in 2007, it was the work of organised crime: the Russian mafia attacked three Belgian banks.
For the CBFA, the phenomenon must be put in perspective: 52 cases whereas transactions are carried out daily via accounts managed over the internet. Moreover, the customers who were victims of fraud were all using copied software. "People must show a minimum of computer hygiene."
Since these latest attacks, the targeted institutions have taken additional protective measures. Result: there have been no further successful attempts in Belgium to plunder internet-managed accounts since June. The customers who were victims of this fraud have been reimbursed.

18 Application Ecobank website study case: – Belgian Online Bank samples: – – _internet_2_.html – DirectNet/demonstrations.htm

19 Module IV Internet financial services and e-payments

20 Internet financial services: Belgian and French examples
- Architecture of the law on distance financial services in European, Belgian and French law
- Definitions of financial services and of the distance contract
- Commercial prospecting and distance communication techniques
- Obligation to inform and communication of contractual terms
- Right of withdrawal
- Private international law (DIP) issues

21 Electronic money - harmonised situation at European level
Prudential supervision: authorisation and exemptions
Transparency of the conditions governing payment services
Rights and obligations relating to the provision and use of payment services:
– Authorisation of payment transactions: consent, monitoring, irrevocability, right to refund, proof, dispute, archiving, liability
– Execution of a payment transaction: acceptance and refusal of a payment order, amounts and fees, execution time, availability of funds, value date, execution problems

22 Module V Contracts: Study case

23 Module VI Summary of European law

24 SEPA
Creation of a single area for payments in euros: Single Euro Payments Area
SEPA payment instruments:
– SCT or SEPA Credit Transfer
– SDD or SEPA Direct Debit
– SCF or SEPA Card Framework

25 MiFID
MiFID (Markets in Financial Instruments Directive): new regulatory framework for markets in financial instruments, with the objective of promoting the cross-border provision of investment services by establishing a harmonised regime in all Member States, while strengthening investor protection.
Know your customer: the directive requires firms to update their client service processes in order to handle data for:
– a) Customer classification (professional, non-professional, eligible counterpart)
– b) Proof of information provided related to classification
– c) Proof of management of situations of conflict of interest
New rules of conduct.

26 MiFID (2)
Customer order handling: best execution, classification, driven order handling and transparent pricing.
Transparency: fulfillment of real time and deferred reporting. Market data feed, pre-trade and post-trade transparency, customers' confirmations, information access for customers, and reporting to regulators.
Internal organization: investment firms are required to meet higher organizational standards, including new rules on the compliance functions, conflict of interests controls, record-keeping, safeguarding of money and assets, outsourcing arrangements, complaint handling mechanisms, personal transactions or inducements.

27 What next? AML – EU 3rd Directive December 2007 MiFID III Basel II New e-payments directive

28 Literature Internet: Journal of internet banking and commerce: Books: Internet Banking and the Law in Europe: Regulation, Financial Integration and Electronic Commerce, by Apostolos Ath. Gkoutzinis ( )

29 Thank you for your attention Belgium : Tel : +32 (0) / Fax : +32 (0) France : Tel +33 (0) / Fax +33 (0)
