5. Information System Technology IT

Bank Indonesia has adopt ed t he f ollow ing provisions concerning IT: a. Banks may operat e t heir ow n IT syst ems or use out sourcing; b. If a bank operat es it ow n IT syst em , t he bank m an ag em en t sh al l b e r eq u i red t o ap p l y management cont rol and carry out t he IT int ernal au d it f u n ct io n in co m p lian ce w it h p revailin g regulat ions; c. If t h e IT syst em is o u t so u rced , in ad d it io n t o complying w it h t he provisions set f ort h in it em ii above, t he bank shall also evaluat e t he reliabilit y of t h e IT service p ro vid er an d p rep are a w rit t en agreement stating that Bank Indonesia may conduct examinat ion and deliver a copy of t hat agreement t o Bank Indonesia; d. Banks are required t o inf orm Bank Indonesia of any f undament al changes in t he use of IT.

6. Application of Risk M anagement for Commercial Banks

In line w it h t he rapid grow ing in t he ext ernal and int ernal environment of t he banking syst em and t he increasing complexity of business operation, banks are required t o apply risk management in an eff ect ive manner. Applicat ion of Risk M anagement shall encompass at least t he f ollow ing : ● Act ive supervision by t he Board of Commissioners and Board of Direct ors; ● Adequacy of policy, procedure, and est ablishment of limit s; ● A d eq u acy o f p ro cesses o f i d en t i f i cat i o n , measurement , monit oring and cont rol of risk and t he risk management inf ormat ion syst em; and ● Comprehensive int ernal cont rol syst em. For t he purpose of implement ing eff ect ive processes and syst em of risk management , banks are required t o est ablish : 100 a. A Risk M anagement Commit t ee t hat consist of at least t he majorit y of t he Board of Direct ors and relevant execut ive off icers. b. A Risk M anagement Unit that must be independent and shall be responsible direct ly t o t he M anaging Direct or or t o a specially assigned Direct or. Banks are also required t o disclose t o t heir cust omers t he risk inherent in new product s and act ivit ies.

7. Applicat ion of Risk M anagement in Int ernet Banking