Remarks by John D. Hawke, Jr. Comptroller of the Currency Before an International Monetary Seminar Paris, France February 5, 2001 In the early 1930s, the American humorist Will Rogers would solemnly tell his audience that there had been "three great inventions since the beginning of time: fire -- the wheel -- and central banking." That usually brought a big laugh. A decade earlier, when central banking was young in many countries -- including mine -- central bankers were hailed as soldiers of peace, international cooperation, and financial stability. But by the 1930s, those same central bankers were held in widespread contempt for passivity or complicity -- or both -- in the events that led to the Great Depression. By then, many central banks had been transformed -- not always against their will -- into instruments of economic nationalism and international rivalry that would soon plunge the world into war. Not until well after the restoration of peace did the central banks of the world reclaim the optimistic vision of that earlier age. Today Rogers' "three great inventions" would be regarded as nothing more than an exaggeration to make a valid point, and that's a tribute to the extraordinarily important role that central bankers play in ensuring a sound global economy. In times of political turmoil, the world can count on its central banks as anchors of calm and stability. Everyone may not appreciate it, but I know of no other institutions, public or private, that do more to advance the development of sound economies, high standards of living, and the dignity of all the world's people. From the beginning, it was understood that the goals of central banking could be best advanced through concerted action among central bankers. The formation of the Bank for International Settlements in 1930 was an important step in this direction. Today, as you know, we have a variety of mechanisms through which central bankers can draw on each other's expertise to address the pressing financial issues that confront us. From the perspective of bank supervisors, the establishment of the Basel Committee on Bank Supervision in 1974 was an event of scarcely less significance than the creation of the BIS itself. The Committee was formed in response to the growing internationalization and interdependence of the world's financial markets -- a trend that lends even greater urgency to its work today. Under its auspices, great progress has been made in improving supervisory understanding and the quality of bank supervision worldwide. The Committee pursues these goals in three principal ways: by improving the effectiveness of techniques for supervising international banking; by exchanging information on national supervisory arrangements; and by setting minimum supervisory standards in areas where they are considered desirable. In recent years, the Committee has actively expanded its links with supervisors in non-member countries, with a view to strengthening prudential supervisory standards in all the major markets. Initially, the Basel Committee's posture was primarily reactive; its goal was to ensure a coordinated response to the spillover effects of multinational bank failures. Today, in keeping with modern supervisory theory, it aims to avert crisis. Thus, the Committee focuses on studying risk management, disseminating its principles among bankers and bank supervisors, and identifying areas of rising and emerging risk so that national supervisors can take early and effective action. The best -- and best-known -- example of the Committee's response to risk is its continuing work on capital standards. The Committee was persuaded to tackle the subject back in early 1980s not only by the erosion in the capital ratios of major international banks, but also by cross-border concerns -- that capital requirements in some countries were being manipulated to lend a competitive advantage to banking organizations located in those countries. The landmark Capital Accord of 1988 addressed many of these concerns. Since then, the Accord has been frequently updated and amplified, with the most recent proposals for revisions having come just last month. But though much has changed, the fundamental principles embodied in the original Accord -- that supervisory standards regarding capital should be harmonized around the world and that all internationally active banks in the G-10 countries should meet certain minimum requirements -- have been repeatedly reaffirmed. In some ways, electronic banking -- e-banking, for our purposes -- epitomizes the supervisory challenge that the Basel Committee was created to address. The technology on which it is based is inherently transnational. One of its very purposes is to give the banks that employ it the ability to offer products and services to customers wherever they might be located, without regard to national borders. The issue that's presented for supervisors and policy makers is how such offerings can or should be regulated in this transnational environment. It should be obvious that if every jurisdiction into which an e-banking offering was broadcast attempted to regulate the offering, or the offerer, the major benefit of the new technology could very quickly be lost. One is tempted to say that if no mechanism existed for coordinating bank supervision internationally, one would have to be invented to deal with the challenge that e-banking presents. Although e-banking was an exceedingly negligible presence in the overall financial marketplace in 1998, the fundamental characteristics I've just mentioned, as well as a recognition of its future promise, led the Basel Committee to conduct a preliminary study of its risk management implications. That study demonstrated a clear need for more work in the area, and the mission was entrusted to a group formed for the purpose, the Electronic Banking Group, or EBG, which it's my honor to head. The EBG membership comprises 17 central banks and bank supervisory agencies from the G-10, along with observers representing the European Central Bank, the European Commission, and, most recently, bank supervisors from Australia, Hong Kong, and Singapore. One of the EBG's first orders of business was to inventory and assess the major risks associated with e-banking. Those risks, we concluded, fall into six broad risk categories: strategic risk, legal risk, operational risk, country risk, reputational risk, and, finally, credit, market, and liquidity risk. Let me elaborate briefly on each. E-banking is undergoing constant and rapid change, and this intensifies strategic risk for many banking organizations. Historically, banks would gradually roll out new products and services only after in-depth testing. Today, however, banks face competitive pressures to introduce new e-banking applications in very compressed time frames -- often no more than a few months from concept to production. It's the responsibility of bank directors and bank managers to ensure that adequate strategic review has been conducted before the activity commences. As I've already noted, e-banking gives financial institutions unprecedented ability to serve customers across national borders. But in reaching out to these customers, banks also face unprecedented complexities arising from differences in legal and regulatory environments, including different consumer protection laws, record-keeping and reporting requirements, privacy rules, and money laundering laws. E-banking institutions -- and their primary regulators -- have to find ways to effectively manage these legal risks. Verifying the legitimacy of customer communications, transactions, and access requests is an essential part of the e-banking business. Banks must therefore build adequate authentication capabilities into their electronic systems. Failure to authenticate e-banking users can expose a bank to operational risk, fraud, or unknowing involvement in criminal activity. In an effort to bring e-banking products rapidly to market, many institutions that lack the in-house technology base to do so on their own have formed partnerships with other financial institutions and technology vendors both inside and outside their home countries. While these partnerships are often successful, banks must be aware of the possibility of increased operational risk that could result from the loss of risk management and control. It's critical that banks conduct comprehensive and ongoing oversight of all outsourced and third party dependencies that could have a material impact on its operations. Any firm, financial or otherwise, doing business abroad faces country risks associated with unforeseeable changes in the economic, social, or political climate that could disrupt service. Different compliance and regulatory requirements, labor unrest, political instability, and currency fluctuations are just a few of the country risks that cross-border e-banking poses. Reputational risk refers to the damage that can occur when a bank is unable to deliver on its service commitments. This can include failing to adequately meet customer account needs or expectations, unreliable or inefficient delivery systems, untimely responses to customer inquiries, or violations of customer privacy. Finally, there are the credit, market, and liquidity risks associated with rapid expansion through electronic channels into new markets; with making loans over the Internet to applicants whose credit history may be reported in unfamiliar ways or not at all; and with the potential for greater funding volatility related to reliance on price-sensitive deposits obtained through the Internet. It should be noted that none of these risks are unique to e-banking. They apply to all banking organizations, and each has been addressed in previous risk management initiatives of the Basel Committee. But these risks are all magnified in a technology-intensive environment. The EBG's catalogue of e-banking risks -- and the all-important question of how bankers and bank supervisors might best respond to those risks -- have largely defined the EBG's agenda over the past year. It's been a year of intensive research and study. We initiated an ambitious outreach and communication program with prominent private sector institutions active in e-banking developments and activities, including financial institutions, third party service providers, and vendors. A series of Industry Roundtables, held in North America, Europe, and Asia, have allowed the EBG to obtain invaluable insight and information regarding e-banking risk issues, current strategic and product developments, and emerging risk management standards. It's been a lively and productive year. Now, after digesting all that we've learned, the EBG has prepared a report entitled "Principles for Risk Management of Electronic Banking," which is in final draft and will be released for comment later this month. The theme of the report is that e-banking should be conducted with no less attention to the fundamentals of safety and soundness than banking activities conducted through traditional delivery channels. Our report presents 14 risk management principles, organized under three headings: Board and Management Oversight; Security Controls; and Legal and Reputational risk management. In preparing this guidance, we have tried to be as specific as possible in alerting financial institutions and their supervisors to the nature of the risks they face in the e-banking environment and in suggesting sound practices to manage these risks. But we have also been mindful of the fact that each e-banking situation is different and may require its own customized approach to risk mitigation. Our expectation is that bankers will put these principles to use as they develop policies and procedures to govern their e-banking activities. This expectation is embodied in principle number one. Permit me to read it verbatim: "The Board of Directors and/or senior management should establish effective management oversight over the risks associated with e-banking activities, including the establishment of specific accountabilities, policies, and controls to manage those risks. In addition, e-banking risk management should be integrated within the institution's overall risk management process." I should tell you that it was no accident that this particular principle wound up at the top of our list. After all is said and done, management recognition of the risks inherent in e-banking and support for a supportive risk management environment is fundamental if the specific risks that are addressed in the other 13 principles are to be properly controlled. While this report should be very useful to financial institutions "going electronic," the manner in which the study was prepared -- and in which current EBG initiatives are being conducted -- may prove to be just as auspicious a development for the future of e-banking. Experience teaches us that achieving the right kind of international consensus can be a painstaking and time-consuming process. The pace of developments in e-banking has required the EBG to bring our work to the attention of the banking community in a timely way, without compromising the breadth and depth of the consultation and outreach that has gone into it. I'm proud of the way that the group and our staff have met this challenge. We shall continue to consult methodically with the industry, with our supervisory counterparts, and with other interested parties as the EBG continues to explore the ramifications of e-banking. Having developed risk management principles for e-bankers, we are now hard at work on guiding principles for cross-border cooperation among bank supervisors. We know that if e-banking is to proceed relatively unimpeded and deliver the benefits we anticipate, host country supervisors will need to achieve a high level of comfort with home country supervision. The alternative, new laws and regulations governing e-banking in each country in which it is conducted, would impose a heavy burden on innovation. The goal of the EBG's ongoing work in this area is to avoid such an outcome and allow e-banking's promise to be fulfilled in a safe and sound manner. In keeping with this emphasis on consultation, I would like to conclude my remarks by reporting to you on another promising initiative. Last year I had the pleasure of participating in a meeting with our colleague Mr. Andrew Crockett, chairman of the Financial Stability Forum, to discuss how the broad community of financial supervisors, including the insurance and securities regulators, might exchange information on e-finance activities within their respective spheres. It was agreed that we would set up an informal Contact Group for E-finance, which would facilitate the exchange of information across the various financial sectors and promote discussion of the possible systemic implications of e-finance activities. Andrew asked me to chair this group. Our aim is not to duplicate work underway in the EBG or its counterparts in any other organization, but simply to share information and continue the process of consultation and coordination that is so necessary and that has already been so fruitful. It was in that spirit that I wanted to share my thoughts with you this evening. Will Rogers, whom I quoted at the outset of these remarks, had no more use for after-dinner speakers than he had for bankers. He called them "the two most nonessential industries we have." The thought of a banker -- or a bank supervisor -- doubling as an after-dinner speaker would surely have filled him with dread. I have tried this evening to do nothing that would have justified his apprehension, and I appreciate your bearing with me in this effort.