In order to effectively manage the risks in the foreign exchange market, banking financial institutions should strengthen the construction of the foreign exchange system and risk management information system. Through the construction of a foreign exchange system, improve the efficiency of foreign exchange, improve the efficiency of data exchange between bank financial institutions and customers, financial institutions and foreign exchange centers, and adopt appropriate security measures to ensure the integrity and availability of the foreign exchange system and transaction information. And confidentiality. Through the construction of foreign exchange risk management information system, collect foreign exchange data, establish a risk analysis model, and realize the statistical analysis of the current balance of major currencies under current assets, current liabilities, forward purchases, and long-term sales projects. To achieve effective management of the risk of speculation in the foreign exchange market.
In summary, the foreign exchange system and the risk management information system play an important role in improving the foreign exchange efficiency of banking financial institutions, improving market risk management capabilities, and reducing foreign exchange costs. However, the information system also has duality. With the dependence of banking financial institutions on computer information systems, the information system also brings certain risks to the foreign exchange process, mainly in the operational risk, that is, the failure of the computer information system or The risk of failure to speculate in foreign exchange. In addition to operational risks, failures and failures of information systems can also introduce legal and reputational risks to financial institutions. How to prevent the risk of operating the foreign exchange information system is one of the issues that the bank management and the regulatory authorities need to study.
(1) Mechanism for forming operational risk of foreign exchange information system
There are two broad categories of operational risk definitions, indirect and direct. The indirect definition defines operational risk as all risks except credit risk and market risk. JPMorgan’s definition of operational risk is a direct definition: operational risk is an endogenous risk factor in each company’s business and support activities, which manifests itself in various forms of error, interruption or cessation, which may result in financial loss. Or bring other damage to the company. The development of new technologies, especially the development of information technology and its wide application in the banking business, poses potential risks to banking financial institutions. For example, in the foreign exchange information system, some banking institutions use e-commerce technology, using Internet/Intranet, information encryption technology and other information technology to provide customers with an invisible trading platform, breaking the business boundaries of banking financial institutions, but also increased System operation risk. Specifically, the operational risk formation mechanism of the foreign exchange system includes the following aspects:
- Access control operational risk. There are two types of access to the foreign exchange system and the foreign exchange information. One is the physical access to the foreign exchange information processing equipment and the foreign exchange information, and the tape processing medium for deliberately processing the information processing equipment or the data during the physical access process. The destruction caused the disruption of the foreign exchange system, or the inability to continue to provide trading services, resulting in financial losses. The second is to logically access information processing equipment or transaction data, transaction functions, maliciously tamper with data, destroy data integrity, or falsify transaction records, modify transaction permissions, thereby causing financial losses to bank financial institutions.
- System operation and maintenance operation risks. Due to insufficient prediction of the future transaction volume and data volume growth of the system during the system development and design process, the transaction caused by the system data storage capacity, system network data exchange capability, and system processing capability decreased during the operation process. Bottlenecks and further affect the normal trading process of the system.
- Personnel operation risk. The personnel operation risk involves the risk of the intentional or unintentional misoperation of the foreign exchange personnel and system administrators to the trading system.
- System development and maintenance operational risks. In the system development process, due to certain loopholes in the data input, data processing, and data output processes, there are certain risks in the system operation process. In addition, during system deployment and operation, system user rights cannot be reasonably divided, and it is also easy to bring operational risks to the system. For example, system developers modify or deploy applications, or system development environments, and test in production environments. The environment and the production environment cannot be effectively separated.
(II) Countermeasures against the risk of operating foreign exchange system and management information system
In order to protect the foreign exchange system for customers, banking financial institutions should provide safe, reliable, real-time speculation of foreign exchange, to provide users with uninterrupted foreign exchange services, we must strengthen the management of system operation risks. Mainly from the following aspects to implement effective prevention of operational risks.
- Strengthening the construction of organizational structures is a prerequisite for preventing the operational risks of information systems. Information system operation risk prevention is the responsibility of management. The management should formulate an effective information system operation risk prevention strategy, establish an appropriate organizational structure, clarify the operational risk prevention responsibility, and provide organizational guarantee for the prevention of information system operations. With the help of external experts, or tracking the latest developments in the industry, timely improve and improve information system operation risk protection strategies, measures and means to improve the operational risk prevention capabilities of information systems. Strengthen internal communication and coordination within the organization, strengthen the internal operational risk assessment of the organization, and strengthen awareness and education on the risk prevention of relevant personnel within the organization so that the operating system risk prevention measures can be implemented. Audit the effectiveness of operational risk strategies and measures with internal or external independent audit departments.
- Strengthen personnel management and reduce the risks of fraud, theft, fraud, and improper operation of information processing equipment and information. The first is the recruitment process management, which conducts background checks on employees in key positions and signs confidentiality agreements. Similarly, a confidentiality agreement is required for temporary staff or contract personnel. The second is to strengthen the training of personnel, conduct user operation training on the trading system, and ensure that users use the system correctly.
- Strengthen access control management and restrict access by unauthorized users. The network layer, operating system layer, database system, and application system layer access control management are strengthened. According to the data sensitivity, the corresponding security authentication system and technology are adopted to ensure authorized users to legally access data and restrict unauthorized users from accessing data. Regularly evaluate and analyze the effectiveness of access security controls.
- Strengthen system development and operation and maintenance management, ensure the integrity and correctness of input in the system development process, ensure the correctness of the data processing process, and verify and properly authorize the output data. All in all, the banking financial institutions should assess the operational risks of the foreign exchange and risk management systems in a timely manner, and gradually improve the operational risk prevention measures in combination with the best practices of information system operation risk management to improve the operational risk management capabilities of information systems.