Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/36200
|
| Title: | 銀行作業與服務委外的管理與監理
The Supervision and Management of Banking Outsourcing |
| Contributors: | 黃仁德
王俊傑
Wang, Chun-Chieh |
| Keywords: | 委外 |
| Abstract: | 將銀行作業與服務委託予他人代為處理已是銀行為節省成本及改善作業與服務流程的最佳工具之一。目前的銀行愈來愈依賴各種委外模式,尤其是近年來美國與歐洲國家銀行委外大幅的成長,也帶動亞洲國家銀行競相仿效此一模式來促進經營效率與整體生產力,惟在享受委外的優點與利益之時,卻也帶給銀行諸如網路、交易、信譽等多種風險,本文舉出銀行於作業與服務委外過程中實際所發生的風險,讓銀行能更瞭解將作業與服務委外給委外供應者後可能面臨的重大風險。
隨著委外的趨勢、種類、對象、地區等愈趨多樣化,單純僅靠契約的管理是不足的,銀行管理階層需視自身的業務規模、財務、人力、及委外複雜性,利用契約管理系統、合格供應者排序管理的內部網站、採購至付款系統、勞務標準協定、主要承包商或委外供應者內部間作業協定的使用等管理工具,來協助做委外的管理。
藉由各國際金融組織與美國、英國、德國、新加坡等各國監理機關發布的監理與管理原則及國際大型金融機構的管理實務介紹,銀行對於作業與服務委外的監理與管理重點應聚焦於銀行董事會或相當層級的單位應負責核定周詳的委外作業與服務規章並承擔起相關責任;銀行應遵守監理機關禁止委外的事項;重要的業務委外時應慎重考量,並充分通知監理機關且獲得核准;應制定政策以管理整個委外過程及委外相關風險;委外應該遵照正式且週延的契約來進行及確保將勞務標準協定納入,並應要求委外供應者必須遵守保護機密資訊的責任;及應建立監理機關可由委外供應者處取得相關資料的管道與有對委外供應者執行實地檢查的權利。
在海外地區委外及內部稽核功能委外兩個比較特殊的課題上,海外地區委外要注意國家風險及法令遵循風險等獨特的風險,務必做到母國監理機關可保有監理的權利;內部稽核功能委外要避免獨立性被質疑的問題,簽訂委外契約時應注意做到委外供應者不能執行銀行的管理功能與作管理決策,或行為如同銀行的員工。
透過美國銀行作業與服務委外監理實務的介紹,委外業務監理的重點應放在確認妥適的檢查範圍、評估銀行委外安排的風險大小、評估銀行風險管理品質、溝通缺失並討論導正措施、委外需求定義、審慎查核、委外契約、及監督委外供應者關係等檢查目標上。
最後,為了從激烈的金融競爭環境中脫穎而出,銀行董事會及高階管理階層應從確認委外需求、辨識委外風險、慎選委外供應者、至妥適管理委外供應者的每一階段都審慎以對;監理機關則應以風險導向的監理方式來檢視銀行的作業與服務委外,尤其應特別注意消費者保護及資訊保密的議題,如此方能創造成功的銀行作業與服務委外。
Outsourcing arrangements can help banks manage costs, obtain necessary expertise, expand customer product offerings, and improve services. While outsourcing to affiliated or nonaffiliated entities, it also introduces risks that financial institutions should address.
On supervising or managing outsourced activities of bank, regulator and bank should focus on the board of directors and senior management are responsible for understanding the risks associated with outsourcing arrangements and ensuring that effective risk management practices are in place. Once the bank has completed its risk assessment, management should evaluate service providers to determine their ability, both operationally and financially, to meet the institution’s needs. Contracts should be clearly written and sufficiently detailed to provide assurances for performance, reliability, security, confidentiality, and reporting. Banks should implement an oversight program to monitor each service provider’s controls, condition, and performance.
On offshore outsourcing, the bank should conduct adequate due diligence, manage risks appropriately, comply with applicable laws, and ensure access to critical information with respect to the services being provided by a foreign-based third party. Examination focus should be on the results of the bank’s due diligence, risk assessment, and ongoing oversight program as well as the internal and/or external audits arranged by the service provider or the bank. If warranted, the regulator may examine a bank’s outsourcing arrangement with a foreign-based service provider. If the provider is a regulated entity, then the regulator may arrange through the appropriate foreign supervisor(s) to obtain information related to the services provided to the bank, if significant risk issues emerge, to examine those services.
Work traditionally carried out by internal auditors of the bank is now done by independent public accounting firms and other outside professionals on audit outsourcing arrangement. However, potential conflicts of interest may arise if the outsourced auditing firm performs audit functions in addition to other audit services, such as providing the independent financial statement. To avoid this, accounting firms and other outside professionals should not act or appear to act in a capacity equivalent to a member of the client’s management or as a client employee.
On United States examination practice of outsourcing, key points of examination objectives are that determine the appropriate scope for the examination, evaluate the quantity of risk present from the institution’s outsourcing arrangements, evaluate the quality of risk management, discuss corrective action and communicate findings, determine requirements definition, due diligence, service contract, and monitoring service provider relationship(s). |
| Reference: | 李佳蓉(2004),〈銀行業資訊系統委外夥伴關係品質之研究〉,中正大學資訊管理學研究所碩士論文。
孫克仲(2003),〈銀行資訊委外的動機及技術執行〉,台灣大學商學研究所碩士論文。
周樹林(2006a),〈美國資訊委外服務市場發展趨勢〉,2007/1/5 retrieved from http://www.cpro.com.tw.
周樹林(2006b),〈Offshore資訊委外服務市場前瞻〉,2007/1/5 retrieved from http://www.cpro.com.tw.
American Society Radiologic Technologists (2005), Supplier Program.
Aldhizer III, G. R., J. D. Cashell, and D. R. Martin (1996), “ Internal Audit Outsourcing,” CPA Journal, October. 2006/9/3 retrieved from http://www.nysscpa.org/ cpajournal/ 1996/ 1096/ features/ Outsourcing.htm.
Audrain, S. C. and K. Proctor (2004), “Managing Vendor Risk: Using Effective Service Level Agreements,” 2007/5/3 retrieved from http://www.brintech.com/Knowledge_Center/PDF.
BaFin (2001), “Outsourcing of Operational Areas to Another Enterprise Pursuant to Section 25a (2) of the Banking Act,” November. 2006/12/9 retrieved from http://www.bafin.de/rundschreiben/93_2001/rs11_01en.htm.
Bartels, A. and A. Parker (2006), “ Teleconference European IT Spending Forecast, 2006-2007,” 2007/5/3 retrieved from http://www.forrester.com/Events/Content/0,5180,-1432,00.ppt
Basel Committee on Banking Supervision (2005), “Outsourcing in Financial Services,” Basel Report, February, pp. 1-22.
Bonnette, C. A. (2001), “Managing Technology Risk When You Outsource,” 2006/9/3 retrieved from http://www.bankersonline.com.
Committee of European Banking Supervisors (2006), “Standards on Outsourcing,” Consultation Paper, April, pp. 1-13.
Eastwood, G. (2004), The Financial Services Outsourcing Outlook: Fast Growth Markets,Opportunities and Competitive Strategies. Monaca: Business Insights.
FDIC (2004), Offshore Outsourcing of Data Services by Insured Institutions and Associated Consumer Privacy Risks.
FDIC (2001a), “Effective Practices for Selecting a Service Provider,” June 4, pp. 1-5.
FDIC (2001b), “Tools to Manage Technology Providers’ Performance Risk: Service Level Agreements,” June 4, pp. 1-7.
FDIC (2001c), “Techniques for Managing Multiple Service Providers,” June 4, pp. 1-4.
Federal Reserve Board (2001), Standards for Safegarding Customer Information, SR 01-15.
Federal Reserve Board (2000a), Outsourcing of Information and Transaction Processing, SR 00-4.
Federal Reserve Board (2000b), Information Technology Examination Frequency, SR 00-3.
Federal Reserve Board (1998), Assessment of Information Technology in the Risk-Focused Frameworks for the Supervision of Community Banks and Large Complex Banking Organizations, SR 98-9.
FFIEC (2004), Information Technology Examination Handbook (updated).
FFIEC (2000), “Risk Management of Outsourced Technology Services,” September 28, pp. 1-15.
FRB, FDIC, OCC, and OTS (2003), Interagency Policy Statement on the Internal Audit Function and Its Outsourcing.
FSA (2007a), Interim Prudential Sourcebook for Banks (revised).
FSA (2007b), “Operational Risk: Systems and Controls ,” Senior Management Arrangements, Systems and Controls, May, Section 8/ Section 13 (revised).
FSA (2007c), Supervision.
FSA (2005), Senior Management Arrangements, Systems and Controls.
FSA (2001a), Interim Prudential Sourcebook for Banks.
FSA (2001b), Regulatory Processes Manuals (Authorisation, Supervision, Enforcement and Decision Making) and Threshold Conditions.
FSA (2001c), Integrated Prudential Sourcebook.
Hallett, K. V. and H. R. Stastney (2003), “Regulators Issue Joint Policy Statement on Internal Audit Outsourcing,” 2006/9/3 retrieved from http://library.findlaw.com/2003/May/1/132902.html.
Matsumoto, S. (2006), Japan IT Outsourcing 2006-2010 Forecast Update. Framingham: IDC.
McPherson, A., S. Yadav, and R. Ravi (2006), U.S. Financial Services Payments Business Process Outsourcing 2006-2010 Spending Forecast and Analysis. Framingham: IDC.
Minton, S., J. Orozco, and A. Toncheva (2006), Asia/Pacific (Excluding Japan) IT Outsourcing 2006-2010 Forecast and Analysis. Framingham: IDC.
Monetary Authority of Singapore (2005), “ Guidelines of Outsourcing,” 2007/5/1 retrieved from http://www.mas.gov.sg.
OCC (2003), Internal and External Audits.
OCC (2002), Bank Use of Foreign-Based Third-Part Service Providers: Risk Management Principles, OCC 2002-16.
OCC (2001), Third-Party Relationships: Risk Management Principles, OCC 2001-47.
OTS (2004), “Oversight by the Board of Directors,” Thrift Activities Regulatory Handbook , November, Section 310.
Outsourcing Institute (2002), Fifth Annual Outsourcing Index.
PricewaterhouseCoopers (2005), “Internal Audit Services Outsourcing,” 2006/10/17 retrieved from http://www.pwcglobal.com.
Shankar, V. (2006), “A Compendium of Case Studies,” Bank Outsourcing Management, 1:3, pp. 1-8.
Takahashi, S., E. Davis, A. Parker, and O. King (2006), “European Business Process Outsourcing Spending Forecast: 2006 to 2011,” 2007/5/3 retrieved from http://www.forrester.com/Research/Document/Excerpt/0,7211,39384,00.html
Willcocks, L. P. and M. C. Lacity (1999), “ IT Outsourcing in Insurance Services: Risk, Creative Contracting and Business Advantage,” Information Systems Journal, July, pp. 163-180. |
| Description: | 碩士
國立政治大學
行政管理碩士學程
92921049
95 |
| Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0929210492 |
| Data Type: | thesis |
| Appears in Collections: | [行政管理碩士學程(MEPA)] 學位論文
|
Files in This Item:
| File |
Size | Format | |
|---|
| index.html | 0Kb | HTML2 | 272 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|
