News
How is Banking Risk Management Applied in BRIAPI Open Banking?
In implementing the development of banking services, one thing that cannot be overlooked for banks to apply is banking risk management. Then, how is the application of banking risk management in BRIAPI services?
With the existence of open banking, banks also need to continue to carry out banking risk management, so that bank security and customer security are maintained. In this article, we will discuss banking risk management and open banking systems.
Definition of Banking Risk Management
In the realm of economics and business, we are familiar with various things associated with "management". Starting from financial management, human resource management, financial management, logistics management, and marketing management. All of these types of management are necessary for business continuity.
By definition, risk means unwanted things that are harmful or detrimental. This risk is closely related to uncertainty, so it is necessary to apply actions that are mitigation or prevention.
The Economic Times explains, risk management in the financial world is by first identifying potential risks, analyzing them, and taking preventive steps to reduce these risks.
From the two definitions above, it can be concluded that banking risk management is the practice of banking institutions to anticipate unwanted things from their financial services.
Banking risk management needs to include consent management (need approval from the customer and the customer can stop the approval), data management (data flow that occurs and who can access it), and security risk (there is a process of mitigating and overcoming security incidents).
Open Banking Risk
Digitalization in various banking lines provides various service conveniences for its users. However, on the one hand, the development of cyber services also poses a new risk.
Referring to IBM Security data, finance is one of the second sectors that are the main targets of cybercrime after the manufacturing sector. Where, 70% of them are targeting the banking sector.
Digital cannot replace brand image, trust, and service quality, so that in its implementation, digital transformation must also support these three aspects. Several important issues in digital transformation to safeguard these three aspects include privacy and cybersecurity.
Digital transformation allows various entities to be integrated with each other, especially in the open banking era, so that data exposure due to processing and exchange increases.
This also increases the risk of cybersecurity and fraud due to the large number of users and high traffic. Banks and various financial institutions also carry out a lot of integration with third parties (both API and partnership/convergence), which results in increased exposure due to the processing and exchange of customer Personal Identifiable Information (PII) data by many parties.
In addition, cell phone numbers have now become the backbone for all digital transaction activities. This makes the mobile number the most important identity, thus increasing the danger of SIM swap, number takeover, and even identity theft if the number is stolen.
BRIAPI Open Banking Service System
BRI itself already has an open banking service under the name BRIAPI. With this, you can do various services related to payments and transactions from BRI easily. Starting from direct debits, remittances, BRIVA, to all forms of checking balances, foreign exchange, and transfers, easily.
As the largest bank in Indonesia, BRIAPI prioritizes quality in providing its banking services. This development was carried out through the following efforts that have been carried out by BRI.
1. Providing the Best User Experience for Service Users
BRI makes it easy for users to transact as easily as possible. Apart from that, the integration method is easy and directed, has complete documentation, and is accompanied by a sandbox so that those who want to implement it can try it first.
2. Collaborating with Various Parties
Various digital and non-digital companies continue to work with BRI to provide integrated transactions. BRI participates in building a digital ecosystem on various sides, so that customers can make transactions through BRI in any application or service.
3. Maximizing Cyber Security
In its implementation, bank BRI prioritizes customer data security. This includes through mitigation, by supporting the Personal Data Protection Bill, adhering to national and international security standards, implementing eKYC which is practical but still layered so that it is safe.
In addition, when a cyber attack occurs, BRI has a Chief Information Security Officer (CISO) along with a Cyber Incident Response team who will take care of it if this happens.
BRI has also improved its prevention system for various types of fraud by building the BRIBRAIN system which is capable of providing an early warning system to customers for potential fraud and potential churn, as well as having an anti-fraud system.
Also read: Easy Transactions with the BRIAPI Direct Debit API
Application of Banking Risk Management in BRIAPI Open Banking
The following are several security system development efforts that BRI undertook to carry out banking risk management in the BRIAPI open banking system.
1. Implement National and International Security Certification and Standardization
Open banking allows the exchange of PII (personal identifiable information) data between banks and third party partners. For this reason, API operators need to comply with and implement security standards, both at the national and international levels.
BRIAPI open banking has complied with ISO 27001 certification since 2019. ISO 27001 is a set of globally recognized standard rules related to information security, including controls covering policies, processes, procedures, organizations, and IT infrastructure.
In addition, BRIAPI has also implemented security indicators according to Bank Indonesia regulations, namely SNAP BI (National Standard Open API Payment). SNAP BI is a technical, security, data to technical standard for the implementation of payment open APIs in Indonesia.
By complying with these various standards and certifications, BRIAPI can ensure that even if there is an exchange of PII data, the data is properly encrypted so that there will be no leakage to outsiders, keeping the banking system and its users safe from risk.
2. Periodically Implement Tests on Possible Cyber Risks
BRI always conducts testing related to possible cyber risks, within a certain period of time periodically. Various possible cyber intrusions are simulated.
All possibilities that could occur were anticipated. From the data and all risk factors, the system continues to be developed in order to improve the quality of BRIAPI's information technology system.
3. Form a Team that Specifically Handles Cyber Risk
BRI also has a special team to handle cyber risk affairs, namely the digital risk division. Together with the IT team, they collaborate and supervise the development of applications from BRI, including BRIAPI open banking services.
These are some of BRI's risk management steps related to Open Banking BRIAPI. By implementing both national and international security standards, BRIAPI can ensure that even if there is an exchange of PII data in the process, the entire data process is encrypted so that it will not leak to third parties, let alone outsiders.
Closing
Banking institutions must of course be customer-oriented in providing security for their banking services. BRI has mitigated risks that might occur, has a cybersecurity team, and has an incident response process. BRIAPI strives for optimal and balanced banking risk management and privacy principles.
Therefore, you don't need to hesitate anymore to use this open banking service from BRI to facilitate your business and financial operations. Want to know more about BRIAPI? Visit our main website here.