University of Ghana http://ugspace.ug.edu.gh UNIVERSITY OF GHANA MANAGING THE RISKS OF ELECTRONIC BANKING: A COMPARATIVE STUDY OF LOCAL AND FOREIGN BANKS IN GHANA BY ABRAHAM BORTIEH SANGO (10636321) A LONG ESSAY SUBMITTED TO THE DEPARTMENT OF FINANCE, UNIVERSITY OF GHANA BUSINESS SCHOOL IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE AWARD OF MASTER OF BUSINESS ADMINISTRATION DEGREE IN FINANCE AUGUST 2019 University of Ghana http://ugspace.ug.edu.gh DECLARATION I declare that this Long Essay is my own work produced under supervision and that it has been not submitted in whole or in part, to any other University or Institution for the award of any degree or diploma. Except where states otherwise by reference or acknowledgement, the work submitted is entirely my own. ……………………………………. ................................................. ABRAHAM BORTIEH SANGO DATE (10636321) i University of Ghana http://ugspace.ug.edu.gh CERTIFICATION I hereby certify that this Long Essay was supervised in accordance with the procedures and guidelines laid down by the University of Ghana. ……………………………………… ........................................ DR. CHARLES ANDOH DATE (SUPERVISOR) ii University of Ghana http://ugspace.ug.edu.gh DEDICATION I dedicate this piece of work to the memory of my late father, Mr. Sango Laryea, who taught me that the best kind of knowledge to have is that which is learned for its own sake. It is also dedicated to my mother, who taught me that even the largest task can be accomplished if it is done one step at a time.I am proud of them. ii i University of Ghana http://ugspace.ug.edu.gh ACKNOWLEDGEMENT First and more importantly, I am mush indebted to the almighty God for sustaining me health wise and endowing me with much energy and wisdom to embark on this difficult task of writing this Long Essay and finally seeing to its completion. Dr. Charles Andoh has been my ideal Long Essay supervisor. His sage advice, insightful criticisms, and patient encouragement aided the writing of this Long Essay in innumerable ways. My profound gratitude goes to my colleagues, for their constructive and invaluable criticisms as well as their time devoted in discussion certain aspects of the work. My sincere gratitude also goes to Mrs. Matilda Osei whose steadfast support of this Long Essay was greatly needed and deeply appreciated. Finally, my sincere thanks go to Miss Rosemary Clottey and Mrs. Rita Boateng for the patience and caring love they showed me during the time I was putting this Long Essay to together. I am very grateful indeed. iv University of Ghana http://ugspace.ug.edu.gh TABLE OF CONTENTS DECLARATION....................................................................................................................... i CERTIFICATION .................................................................................................................. ii DEDICATION........................................................................................................................ iii ACKNOWLEDGEMENT ...................................................................................................... iv TABLE OF CONTENTS ........................................................................................................ v LIST OF TABLES ............................................................................................................... viii LIST OF FIGURES ................................................................................................................ ix LIST OF ABBREVIATIONS ................................................................................................. x ABSTRACT ........................................................................................................................... xii CHAPTER ONE ...................................................................................................................... 1 INTRODUCTION.................................................................................................................... 1 1.1 Introduction ...................................................................................................................... 1 1.2 Background of the study .................................................................................................. 1 1.3 Problem statement ............................................................................................................ 3 1.4 Purpose of the study ......................................................................................................... 4 1.4.1 Specific objectives......................................................................................................... 4 1.5 Research questions ........................................................................................................... 5 1.6 Significance of the study .................................................................................................. 5 1.7 Scope & limitation of the study........................................................................................ 5 1.8 Chapter organization ........................................................................................................ 6 CHAPTER TWO ..................................................................................................................... 7 LITERATURE REVIEW ....................................................................................................... 7 2.1 Introduction ...................................................................................................................... 7 2.2 History of electronic banking ........................................................................................... 7 2.3 The concept of electronic banking ................................................................................... 8 2.3.1 Internet aanking ............................................................................................................. 9 2.3.2 Automated teller machines (ATM) ............................................................................. 10 2.3.3 Telephone banking ...................................................................................................... 11 2.3.4 Personal computer banking ......................................................................................... 11 2.3.5 Branch networking ...................................................................................................... 11 2.3.6 Mobile banking ........................................................................................................... 12 2.4 Electronic banking in Ghana .......................................................................................... 12 2.5 Importance of eectronic banking .................................................................................... 13 2.6 Risks associated with electronic banking ....................................................................... 14 2.6.1 Operational/Transaction risk ....................................................................................... 15 2.6.2 Strategic risk ................................................................................................................ 17 2.6.3 Reputational risk ......................................................................................................... 17 2.6.4 Legal/Compliance risk ................................................................................................ 18 v University of Ghana http://ugspace.ug.edu.gh 2.7 Managing risks associated with electronic banking ....................................................... 19 2.8 Radio frequency identification (RFID) .......................................................................... 20 2.9 Theoretical framework ................................................................................................... 21 2.9.1 The diffusion of innovation theory.............................................................................. 21 2.9.2 The technology acceptance model .............................................................................. 22 2.10 Empirical review .......................................................................................................... 23 2.11 Gaps in literature .......................................................................................................... 25 2.12 Implication of the study................................................................................................ 25 CHAPTER THREE ............................................................................................................... 26 RESEARCH METHODOLOGY ......................................................................................... 26 3.1 Introduction .................................................................................................................... 26 3.2 Research design .............................................................................................................. 26 3.3 Research approach.......................................................................................................... 26 3.4 Target population ........................................................................................................... 27 3.5 Sample size and sampling technique .............................................................................. 27 3.6 Data collection method................................................................................................... 28 3.6.1 Sources of data ............................................................................................................ 28 3.6.2 Data collection tools .................................................................................................... 28 3.6.2.1 The study questionnaire ........................................................................................... 29 3.6.2.2 Interviews ................................................................................................................. 29 3.7 Data management & analysis ......................................................................................... 30 3.8 Ethical Considerations.................................................................................................... 31 3.9 Limitation to methodology ............................................................................................. 31 CHAPTER FOUR .................................................................................................................. 32 DATA ANALYSIS AND DISCUSSION OF FINDINGS ................................................... 32 4.1 Introduction .................................................................................................................... 32 4.2 Background information of respondents (bank staff) .................................................... 32 4.2.1 Gender of respondents ................................................................................................. 32 4.2.2 Age of respondents ...................................................................................................... 33 4.2.3 Marital status of respondents....................................................................................... 34 4.2.4 Educational background of respondents ..................................................................... 35 4.2.5 Years of working experience in the banking field ...................................................... 36 4.3 Identification of electronic banking risks from the bankers’ perspective ...................... 38 4.4 Examining the effect of Electronic Banking Risks on Banks ........................................ 41 4.4.1 Qualitative analysis from local banks ......................................................................... 41 4.4.2 Qualitative analysis from foreign banks ..................................................................... 43 4.5 Risk management of electronic banking based on the fourteen (14) principles of the Basel Committee .................................................................................................................. 45 4.6 Discussion of findings .................................................................................................... 52 CHAPTER FIVE ................................................................................................................... 55 SUMMARY, CONCLUSION AND RECOMMENDATIONS ......................................... 55 5.1 Introduction .................................................................................................................... 55 5.2 Summary of key findings ............................................................................................... 55 5.3 Conclusion ...................................................................................................................... 57 v i University of Ghana http://ugspace.ug.edu.gh 5.4 Recommendations .......................................................................................................... 58 5.5 Suggestions for further study ......................................................................................... 58 APPENDIX 1: STAFF QUESTIONNAIRE ........................................................................ 68 APPENDIX 2:INTERVIEW GUIDE FOR STAFF........................................................... 72 vi i University of Ghana http://ugspace.ug.edu.gh LIST OF TABLES Table 4.1: Age of respondents ................................................................................................. 34 Table 4.2: Marital status of respondents .................................................................................. 34 Table 4.3: Descriptive statistics: Risks associated with electronic eanking by local banks in Ghana. ...................................................................................................................................... 40 Table 4.4: Descriptive statistics: Risks associated with electronic banking by foreign banks in Ghana. ...................................................................................................................................... 41 Table 4.5: Descriptive statistics: Responses from staff of selected local banks ...................... 47 Table 4.6: Descriptive statistics: Responses from staff of selected foreign banks .................. 48 vi ii University of Ghana http://ugspace.ug.edu.gh LIST OF FIGURES Figure 4.1: Gender representation of respondents ................................................................... 33 Figure 4.2: Educational representation of respondents ........................................................... 35 Figure 4.3: Number of years of professional experience ......................................................... 36 Figure 4.4: Position of respondents ......................................................................................... 37 Figure 4.5: Type of banks ........................................................................................................ 38 ix University of Ghana http://ugspace.ug.edu.gh LIST OF ABBREVIATIONS ADB Agricultural Development Bank ATM Automated Teller Machine AVR Automated Voice Response BCBS Basel Committee on Banking Supervision BIS Bank for International Settlements CBG Consolidated Bank Ghana CV Coefficient of Variation EB Electronic Banking FRQ Frequency FTC Federal Trade Commission GCB Ghana Commercial Bank HBTF Housing Bank for Trade and Finance ICT Information and Communications Technology IT Information Technology JCB Jordan Commercial Bank MBRC Money and Bank Research Centre NIB National Investment Bank PBL Prudential Bank Limited PC Personal Computer PIN Personal Identification Number PLC Public Limited Company POS Point Of Sales RFID Radio Frequency Identification SMS Short Messaging Service x University of Ghana http://ugspace.ug.edu.gh SPSS Statistical Package for Social Sciences SQL Structured Query Language STD DEV Standard Deviation TAM Technology Acceptance Model TB Telephone Banking UBL Universal Merchant Bank x i University of Ghana http://ugspace.ug.edu.gh ABSTRACT The purpose of this study was to compare electronic banking risk management practices among local and foreign banks in Ghana. The study employed the mixed-method research approach through the use of questionnaires and interview guides for collecting primary data. With the aid of the Statistical Package for Social Sciences (SPSS Version 25), descriptive statistics tools namely; frequency, percentage, mean scores, standard deviations, variances and coefficient of variation were utilized to analyze the quantitative data. Furthermore, analysis of qualitative data through interviews was done manually to determine the themes in the interview text. From the findings, both local and foreign banks in Ghana have demonstrated a high level of efficacy in managing the risks associated with electronic banking based on the fourteen (14) principles. Nonetheless, the risk management roles by the foreign banks pertaining to EB were more prominent than the local banks. The study was necessary in view of the fact that several people are turning to the adoption of EB services, thus, it is essential that risks associated with EB be identified and effectively managed. Keywords: Bank, electronic banking, risk management, security. xi i University of Ghana http://ugspace.ug.edu.gh CHAPTER ONE INTRODUCTION 1.1 Introduction This chapter provides the general overview of the study. It presents the study background and statement of the problem. It outlines further the objectives of the study, research questions, study significance, scope and limitation of the study. The chapter ends by giving a preview of organization for the entire study. 1.2 Background of the study Advancement in Information and Communications Technology (ICT) in modern times have caused many banks, both local and international towards adopting electronic banking. According to Brady, Saren, and Tzokas (2002), the adoption of advanced technology via the use of internet, mobile phones, computers, Automated Teller Machines (ATMs), etc has played a vital role in revolutionizing the banking sector from the “rudimentary” labour-intensive grounded ledger system to systemized processes. This has indeed set the motion for the banking sector in delivering efficient payment systems compatible with the demands of the electronic market (Balachandler, Santha, Norhazlin & Rajendra, 2001). An innovative, vibrant, efficient and productive banking sector has emerged, and to stay competitive, many banks are adopting Electronic Banking (EB) to gain customer satisfaction and retention without geographical limitations (Karjaluoto, Mattila, & Pento, 2002). Daniel (1999) refers to EB to include several types of financial services which enable bank customers to carry out financial transactions via computer, mobile phone, or television. Furthermore, Federal Financial Institutions Examination Council (2003), defines EB as the automated delivery of traditional banking products and services to customers through electronic and interactive communication channels. According to Kolodinsky Hogarth and Hilgert (2004), EB has developed from providing just automated bill payments via Automated Teller Machines (ATMs) in the 1990s to provision of online services through electronic 1 University of Ghana http://ugspace.ug.edu.gh payments, account opening, borrowing facilities, computer banking, etc. The adoption of EB seems to be a significant task in today’s changing world, whereby society have shifted more to the use of internet and electronic facilities rather than the traditional way of banking. Today, the banking industry is changing rapidly as a result of the development of ICT, market competition and the overall international economic causing increase in the growth of financial transactions through electronic means such as fund electronic transfer, ATMs, electronic payment of bills, etc, (Money & Bank Research Centre (MBRC), 2005). Besides, innovations like cell phones, telecommunication networks, ATM, etc have changed the way in which banks provide financial services to customers with the advantage of focusing on new distribution channels; while granting access to services without spatial and time limitations. Ghana has also witnessed reforms in EB as evidenced with the introduction of technologies such as the ATMs in the 1990s (Abor, 2005). Following this, the Point Of Sales (POS) networks, Internet Banking, Mobile Banking, Tele-banking, Personal Computer (PC) Banking, International Money Transfer, Inter-Banking, payment, settlement system, etc, have been introduced by banks to satisfy their customers’ needs. According to Georgescu (2006), banks are generally expected to manage some common risk in the areas of operational, strategic, market, credit, liquidity, compliance or legal or regulatory and reputational risks. Nevertheless, new risks have been triggered by this electronic banking phenomenon. These include: unfamiliarity of employees and customers with new technology and lack of essential infrastructure for providing electronic financial services. Furthermore, EB has increased the technical complexity involved in many security and operational issues, by which users must be verified and given authorization prior to undertaking banking transactions (Trenca, Silivestru & Paun, 2010). A major important responsibility of banks and other financial institutions is to understand all types of risks so as to device appropriate strategies for managing them. Risk management practices usually used in EB are categorized into board and management oversight, security controls as well as legal and 2 University of Ghana http://ugspace.ug.edu.gh reputational risk management as recommended by the Basel Committee on Banking Supervision (BCBS) (Basel, 2008). 1.3 Problem statement Advances in technology as well as the rising influence of Information and Communications Technology (ICT) in financial institutions is one of the major achievements of the 21st century, to the extent that today, ICT has improved the relationships between groups of societies in different geographic regions and levels without any limitations of time and space (Abasinezhad, 2011). According to Christopher, Mike, Visit, and Amy (2006), EB has become an important channel for selling banking products and services, causing a paradigm shift in marketing practices, and contributing to the high performance of banks. Similarly, Singhal and Padhmanabhan (2008), posit that the ability of banks to provide opportunity for their customers through access and monitoring of personal accounts have increased their competition power within the complex markets in modern times. Despite the numerous benefits of electronic banking to both banks and customers, the introduction and development of EB has exposed the banking industry to more risks in the areas of operation, security, reputation and legal, which if not properly managed will lead to falling consumer confidence and financial losses (Adams, 2015). According to Imala (2002), Basel Committee on Banking Supervision (2003a) and Trenca et al. (2010), EB has increased and altered some of the risks associated with traditional banking. A report by the Basel Committee identified major electronic banking risks to include: operational, strategic, credit, liquidity and market risks (Basel Committee on Banking Supervision, 2003a). Even though the Basel Committee on Banking Supervision (BCBS, 2008) outlined some risk management principles categorized into; board and management oversight, security controls and legal and reputational risk management, the implementation of these risk management principles remains a major challenge, and continues to be a major drawback to 3 University of Ghana http://ugspace.ug.edu.gh most banks. In Nigeria for example, Ihejiahi (2009), argues that the lack of co-operation among commercial banks to tackle the high occurrence of ATM related frauds hinders the development of the banking industry in Nigeria. Since some emerging EB services are relatively new to the Ghanaian banking industry, little is known about the strategies put in place by banks in Ghana to manage the associated risks. Consequently, this study provides an empirical evidence by comparing EB risk management practices among local and foreign banks in Ghana. In particular, the study seeks to identify the risks involved in EB system among local and foreign banks in Ghana, to also examine how such risks can affect the banks, and to finally ascertain how these risks are managed by the banks. 1.4 Purpose of the study The purpose of this study is to compare electronic banking risk management practices among local and foreign banks in Ghana. 1.4.1 Specific objectives The study is guided by the following specific objectives: i. To identify the risks involved in electronic banking among local and foreign banks in Ghana. ii. To examine how such risks can affect the banks. iii. To ascertain how electronic banking risks are managed by the banks based on the fourteen (14) principles of Basel Committee. 4 University of Ghana http://ugspace.ug.edu.gh 1.5 Research questions The following research questions have been formulated to achieve the objectives of the study: i. What are the risks involved in electronic banking among local and foreign banks in Ghana? ii. In what ways can these risks affect the banks? iii. How are electronic banking risks managed towards attaining organizational effectiveness? 1.6 Significance of the study This study seeks to compare EB risk management practices among local and foreign banks in Ghana. Given that several people have turned to, or are turning to the adoption of EB services, it is essential that risks associated with this type of banking be identified and managed to enable banks to encourage their customers towards the use of such banking services. This study would be beneficial in many ways: First of all, the study would be significant by way of bridging the knowledge gap in EB risk management practices among local and foreign banks operating in the country. It is expected that findings from this study would be important to management of both local and foreign banks in Ghana, as well as regulatory bodies such as the Bank of Ghana as it would offer insight with regard to the various approaches of managing the risks associated with EB towards ensuring operational efficiency and profitability. This will also facilitate enhancement of customer confidence towards the adoption of EB services. Also, the study would serve as a reference material and form the basis for further research. In summary, the study findings will make significant contribution to practice, policy and academia. 1.7 Scope & limitation of the study The study seeks to compare EB risk management practices among selected local and foreign banks in Ghana. The study scope is limited to only sixteen (16) local and foreign banks 5 University of Ghana http://ugspace.ug.edu.gh operating in Ghana. The study target both management and non-management employees sampled from the sixteen (16) local and foreign banks in Ghana. 1.8 Chapter organization The study is organized into five (5) chapters. Chapter 1 presents the general introduction; which include the study background, statement of the problem, study objectives, research questions, study significance, scope & limitation and organization of the study. Chapter 2 reviews literature, both the theoretical and empirical literature relevant to the study. Chapter 3 discusses the research methodology used in conducting the study. Chapter 4 focuses on data presentation, analysis and discussion of findings. Chapter 5 provides highlights of the key findings through summary. Furthermore, conclusion and relevant recommendations are provided based on the study’s findings. 6 University of Ghana http://ugspace.ug.edu.gh CHAPTER TWO LITERATURE REVIEW 2.1 Introduction This chapter presents a review of literature relating to the study topic. The chapter will review literature on electronic banking history, concept, EB in Ghana, importance, types of risks associated with electronic banking, management of electronic banking, risks as well as Radio Frequency Identification (RFID) of electronic banking. Additionally, the chapter reviews theoretical frameworks, empirical studies related to the study topic, with identification of gaps as well as the implication of the study. 2.2 History of electronic banking Banks are searching continually for solutions to decrease operational costs and to also improve customer service delivery. In view of this, the banking industry has adopted several technologies and innovations based on prevailing trends to revolutionize the banking sector from the “rudimentary” labour-intensive grounded ledger system to systemized processes (Brady, Saren & Tzokas, 2002). The revolution of information technology within the banking industry started in the early 1970s, with the credit card, Automated Teller Machine (ATM) as well as the ATM networks. The telephone and cable television banking followed during the 1980s, with PC banking following during the late 1980s to early 1990s (Giannakoudi, 1999). Mobile Banking also emerged as banks sought to be more innovative, and to attract both the young and old generation of customers. According to Giannakoudi (1999), Information Technology (IT) allows electronic channels to execute several banking functions which would have been otherwise undertaken over the counter. 7 University of Ghana http://ugspace.ug.edu.gh Nonetheless, the challenges that characterize EB technologies for instance internet banking and ATMs are security issues with respect to internet banking, and high maintenance costs of ATMs. 2.3 The concept of electronic banking Advancement in the usage of contemporary Information and Communications Technology (ICT) as well as the internet has caused a change, replacing the traditional methods of banking with innovative ways through electronic operations. Stamoulis, Kanellis and Martakos (2002), consider EB as a financial innovation which has advanced significantly as a result of the creative usage of emerging Information and Communications Technology (ICT) in addition to other business forces. EB has become very dominant in performing financial transactions, providing financial benefits, and at the same time serving as a very powerful tool for promoting competition between banks (Zarei, 2011). EB provides convenient financial services to bank customers, either through a natural or legal person, from the use of the internet, wireless networks, as well as other forms of electronic devices. The term Electronic Banking (EB) has been defined in many ways by various researchers due to their understanding of EB application. For instance, Sathye (1999), describes EB to include a variety of channels such as: (a) Internet banking (or online banking), (b) television-based banking, (c) telephone banking, (d) PC banking (or offline banking) and (e) mobile phone banking.The Federal Financial Institutions Examination Council (2003), defines EB to include systems which allow financial institutions, individuals and businesses to transact business, access their accounts, obtain information on financial products or services, etc by means of a private or public network. Furthermore, the Basel Committee report defined EB as the provision of retail as well as small value banking products or services via electronic channels, and also large value electronic payments as well as other wholesale financial services delivered through electronic channels. Examples of EB products or services include; deposit taking, 8 University of Ghana http://ugspace.ug.edu.gh account management, lending, electronic bill payment, among many others (Basel Committee on Banking Supervision (BCBS), 2003). Moreover, Money and Bank Research Centre (MBRC) (2000), refers to EB as including electronic funds transfers, ATMs, electronic bill payments, mobile banking, web-based banking, etc which have transformed traditional ways of providing financial service to more technologically-driven banking transactions without spatial or time limitations. Again, Hong Kong Monetary Authority (2015), EB includes online banking through the internet (using mobile devices or computers) for making banking transactions, mobile payments through the use of wireless networks, self-service terminals such as the ATMs, mobile banking using mobile telephone networks. Additionally, Jehangir, Zahid, Jan, and Khan (2016), posit that EB represents automatic delivery of traditional and new banking products or services using computers, telecommunication equipment and other electronic channels. 2.3.1 Internet banking Internet banking is a type of EB which uses internet in bringing a bank closer to its customers. According to the Internet Banking Handbook (2001), internet banking is the means by which banking services are provided via the internet. Again, Thulani, Tofara, and Langton (2009), describe internet banking as systems which enable a customer to access his or her accounts and get general information about banking products and services via a bank’s website, without the need to send letters, original signatures or telephone confirmations. The system provides flexible and convenient services to customers by enabling customers to transact certain transactions such as checking accounts, making enquiries, transferring funds to different accounts, etc over the internet. An additional feature is that it offers customers 24/7 access. For customers that have access to a computer and internet, all that is required is to proceed their bank’s website and login. 9 University of Ghana http://ugspace.ug.edu.gh Internet Banking is however different from PC banking. As internet banking is browser-based, PC banking on the other hand requires that customers install a software package to be assigned by their bank on their PC. 2.3.2 Automated teller machines (ATM) Automated Teller Machines (ATMs), also known as 24-hour tellers are electronic terminals which provides opportunity to customers to bank at almost any time and at anywhere (Federal Trade Commission (FTC), 2006). Rose 1999, cited in Abor (2005), describes ATM as the amalgamation of computer terminal, database system and cash vault into a unit, which provide customers access to a bank’s book keeping system through the use of a plastic card with a Personal Identification Number (PIN), or by entering a unique code number into the computer terminal that is connected to the computerized records of the bank 24/7. ATM provides numerous retail banking services to bank customers. Introduced originally to function as machines for dispensing cash, and mostly situated outside the banks (airports, malls, etc.), the swift increase in technology in recent times has made ATMs serve other purposes such as providing account information and paying of bills (Abor, 2004). Many ATMs provide customers the opportunity to also make cash and cheque deposits, transfer money, top up phone credit and even purchase postage stamps. ATM services provide many benefits. The use of this provides banks which patronize in it with competitive advantage over banks which do not. Furthermore, the combination of human tellers and ATMs enable banks to be more productive. Again, the service saves time in terms of delivering service to customers as queuing in banking halls is minimized so that spared time can be utilized for productive activities (Abor, 2004). Additionally, the ability of ATMs to continue operation even after banking hours provides continuous productivity. According to Crosland of NCR Corporation 10 University of Ghana http://ugspace.ug.edu.gh (2010), ATM services apart from the cost savings and revenue generation benefits have become the face of several banks, with significant number of customers subscribing to them. 2.3.3 Telephone banking Telephone Banking or Telebanking (TB) is the type of banking which delivers financial services through the means of telecommunication technologies by which customers can carry out transactions by means of dialing a touch-tone telephone or a mobile communication device linked to the bank’s computerized system through an Automated Voice Response (AVR) device (Balachandher, Santha, Norhazlin & Rajendra, 2001). According to Leow (1999), TB is very useful to banks and customers through the delivery of convenient, time saving as well as easy access to banking services for customers. For banks, TB services help reduce cost as compared to branch-based banking services. TB has virtually all the gains derived from the ATM. 2.3.4 Personal computer banking Personal Computer (PC) Banking offers customers with access to their account information via a restrictive software system installed on their Personal Computers (PCs). Through this, customers can perform several retail banking functions. A customer can access banking services such as checking account balances, making transfers between accounts, paying bills, etc at his or her home and office (Abor, 2005). Technology development has expanded the use of PCs, bolstering the efficiency of PC banking. PC banking provide convenience to customers as they can electronically conduct several banking transactions on their PC. 2.3.5 Branch networking Branch Networking branches are described as an automation as well as the networking of geographically different branches of a bank into a framework of Wide Area Network to facilitate customer data sharing (Abor, 2005). This system ensures rapid inter - branch banking 11 University of Ghana http://ugspace.ug.edu.gh transactions, hence reducing time and distance constraints. Most banks operating in Ghana have several of their branches networked all over Ghana. Through this system, a customer can access their accounts in any of the bank’s branches, regardless of the branch where he or she opened the account. 2.3.6 Mobile banking The latest to be added to EB products or services in Ghana is banking on the mobile phone, popularly referred to as Mobile Banking. Mobile banking offers a platform or system whereby customers are automatically updated on their mobile phone about any transactions in their accounts in the form of credits, debits or any other information. Chovanova (2006), describes it as a system that uses text messaging system to update its customers about every transaction on their accounts. All what is required to be part of the platform is a mobile phone with an active text-messaging system. Short Messaging Service (SMS) banking is within this group. 2.4 Electronic banking in Ghana The Ghanaian banking industry has gone through numerous changes in terms of delivering service with the intention of improving the quality of service for its customers. These changes are evidenced by the increasing adoption of technologies and other innovative concepts into the banking industry (Adams & Lamptey, 2009). Earlier types of communication and electronic technologies were mostly office automated technologies. Telephones, facsimile and telex were used for speeding up and improving efficiency of service. For several years, they were the basic ICTs for making banking transactions (Abor, 2005). The Trust Bank Ghana introduced the ATM in 1995, with other major banks such as the Ghana Commercial Bank (GCB) Limited in partnership with the Agricultural Development Bank (ADB) Limited following in 2001 (Abor, 2005). ATM remains the most widely utilized EB service in Ghana. Since they are networked and customers are not required to be present 12 University of Ghana http://ugspace.ug.edu.gh personally at their branches to carry out banking transactions (Abor, 2005). Their availability is considered a major determinant for the choice of bank, and banks which were not efficient in their operation of ATM systems have suffered drastically. Due to competition between banks, almost all Ghanaian banks are presently providing different types of 24-hour EB services. 2.5 Importance of electronic banking EB offers convenience, secure transactions, and 24-hour banking options. In today’s information-driven business environment, organizations who do not adopt EB are disadvantaged in terms of competition with other banks who patronize EB products or services (Laura, 2014). According to Cheng, Lam and Yeung (2006), customers prefer EB for convenience, round the clock services, speed and access to their account anywhere and at any time. Nonetheless, some customers are still reluctant to adopt EB services, due to security issues and lack of knowledge about its usage (Ayrga, 2011). EB delivers benefits to banks too. According to (Polatoglu and Ekin, 2001), EB results in higher satisfaction of customers and retention. Furthermore, Cheng, Lam and Yeung (2006), maintain that banks benefit by way of less transaction costs, as EB entails less paper work, staff and physical branches. Again, Jen and Michael (2006), argue that EB generates extraordinary opportunities for banks and businesses universally, through the development of financial products, marketing and delivery of services. According to Laura (2014), EB provides five (5) key benefits to financial institutions. They include: i. Activity review: Accountants and other approved staff could perform routine banking activities like deposits, clearing of cheques, transferring funds, etc, quickly by means of an online banking interface. This enable processing of banking transactions to be performed smoothly on daily basis, instead of waiting for 13 University of Ghana http://ugspace.ug.edu.gh statements every month. Again, errors can be noted and quickly resolved before any adverse impact on the business could be detected. ii. Productivity: EB contributes to productivity gains. Electronic payments which minimizes physical visits of customers to the bank, as well as the ability to staff to work efficiently as required increases productivity. iii. Lower banking costs: EB reduces business overhead and expenses of banks. iv. Reduced errors: EB adoption minimizes errors of banks. Electronic payments, transfers, and other financial activities are made quickly. Furthermore, errors may be prevented as a result of keyboard slips or error of user(s). v. Reduced fraud: Increasing scrutiny of finances of organizations through audits, as well as antifraud measures demands higher level of transparency for every financial transaction. EB improves transparency of banking activities, making it difficult for fraud activities to occur. 2.6 Risks associated with electronic banking The term risk is commonly defined as the probability of a threat which leads to a diverse implication. Hubbard (2010) and the International Organization for Standardization (2011), however in their definition of the term argued that the definition of risk should be based on the state of uncertainty, rather than on the degree of likelihood. Thus they defined risk as a condition of uncertainty by which some of the possibilities include a loss, a catastrophe, or other undesirable consequence. Building on the definition of these authors, risk is defined in this study as a condition of uncertainty by which a particular threat source exploits one or many vulnerabilities, leading to a negative impact, whereby some of the possibilities include a loss, catastrophe, or other undesirable consequences. The key word in this definition is condition of uncertainty, and its resulting effect on the objectives of an organization. 14 University of Ghana http://ugspace.ug.edu.gh Electronic Banking (EB) is considered the wave of the future. Despite numerous benefits that EB provides, several challenges are also associated with its adoption. According to Abdou, Muslem, and Ismal (2014), both banks and customers must be ready to encounter an increased level of risk in the same way they enjoy the benefits available for adopting EB. In view of the increasing adoption of EB products or services, identification of and management of risks related with this banking system is considered an important task for banks and other financial institutions so as to encourage customers to patronize the services. Management processes of traditional banking have focused on market, security, liquidity, credit, compliance or legal, etc. (Georgescu, 2006). Nonetheless, following the introduction of EB, the industry has been more exposed to greater challenges in terms of operational, security, legal, strategic and reputational risks which if ignored will result to financial losses as well as falling consumer confidence (Federal Deposit Insurance Corporation, 2007; Nwogu & Odoh, 2015). A report by the E-banking group on risk management and EB supervision identified risks associated with EB to include; operational, strategic, liquidity, credit and market risks (BCBS, 2003). Below are the major types of risks associated with EB: 2.6.1 Operational/Transaction risk Operational risks are common risks in EB services. The dependence on new technology for the provision of services puts system availability and security as the fundamental operational risk involved in EB. “Security”, as identified by Titrade, Ciolacu and Pavel (2008:1540), remains a threat to both banks and customers, hence undermining confidence and confidentiality. Threats to security can occur from inside or outside of the banking system. Thus, measures are required to be undertaken to ensure data confidentiality and system integrity (Mihalcescu, Ciolacu, Pavel & Titrade, 2008). According to MollaZade (2010), operational risk is the type of risk that generates losses as a result of inadequate or inefficient internal controls, and human errors. Abou and Hasani (2008), consider operational risk to occur due to failure or lack of efficient personnel, technology and working processes. The Basel Committee on Banking 15 University of Ghana http://ugspace.ug.edu.gh Supervision (BCBS) (2011), also defines operational risk as risk losses that may result from inadequate or unsuccessful internal processes, people, or external events. This definition entails legal risk, but however excludes reputational and strategic risk. Some financial reports have revealed of substantial financial losses on EB platforms due to malfunctioning of Information Systems namely: Structured Query Language (SQL) injections (Barnett, 2009); fraud, viruses, as well as phishing attacks (Bonsón, Escobar & Flores, 2008; United Kingdom (UK) Payments Administration, 2011). For instance, phishing attacks which targeted UK banks rose from 1,700 reported cases in 2005 to 61,873 in 2010 (Financial Fraud Action UK, 2011). Also, Phone banking fraud rose by 5% (£12.7 million) in 2010, as compared with 2009, (Financial Fraud Action UK, 2011). These substantial financial losses have been classified as operational risk. For this reason, EB service providers must increase the complexity of the processes together with supporting technological infrastructure to minimize the risks. Management of operational risk should form an integral part of a bank's overall risk management. The rapid change in terms of technological advancement, as well as the introduction of clear capital requirements under the Basel II accord in the year 2006 are two fundamental factors which have concentrated on operational risk. Kondabagil (2007), maintains that operational risks can be reduced when there are active and direct risk controls. According to Ramakrishnan (2001), a number of EB facilities can be considered for outsourcing, however he recommends that management limit the use of third party providers due to increased transaction risks caused by lack of continuous control over the systems and processes used. Also, Khan and Karim (1997), suggest that effective management of operational risk can be achieved through effective policies and procedures to overcome such risks. Furthermore, Titrade et al. (2008) argue that separation of duties remains significant internal control. The number of controls required should depend on how sensitive the information is to the customer, 16 University of Ghana http://ugspace.ug.edu.gh institution and the institution’s established level of risk tolerance. Again, Anghelache, Cozmanca, Handoreanu, Obreja, Olteanu and Radu (2011), suggests that in implementing operational risk issues, financial institutions should identify and plan by using advanced methods in managing operational risk. 2.6.2 Strategic risk According to Kondabagil (2007), strategic risk relates to all features of banking, but becomes specific to EB when there is inadequate planning, management or monitoring of the performance of various EB channels on the part of management. Sokolov (2007), defines strategic risk as the current and future adverse impact on capital or earnings which arises as a result of business decisions, inappropriate implementation of decisions, absence of strategic goals, etc. The resources required in undertaking organizational strategies include: operating systems, communication channels, delivery networks, and managerial skills. These risks can be minimized through effective implementation of IT corporate governance programmes to facilitate the development of strategies, management processes, performance, as well as risk measurement of EB within organizations. According to Khan and Karim (1997), the board and management of a bank must take the responsibility to understand and evaluate the strategic risks associated with EB, and compare the costs of managing the risk against the possible return on their investment. Management information systems must be adequate enough to track usage, cost versus profitability, competition from co-banks, technical, operational, compliance and marketing support for EB products or services. 2.6.3 Reputational risk Kondabagil (2007), argue that several risk factors of which banks are exposed to has the tendency of affecting individual banks’ reputation and that of the sector. A bank’s reputation may be affected by factors including; fraud, security breaches, customer dissatisfaction with EB services., etc. Furthermore, a bank’s failure to safeguard customers’ confidential information could cause loss of trust in the bank. Scholars such as Kondabagil (2007), indicates 17 University of Ghana http://ugspace.ug.edu.gh that the damage to a bank’s reputation can significantly affect the sector in general, hence leading to a systemic disruption. Reputational risks can also arise from the misapplication of security precautions by customers, or ignorance on the part of a customer about the importance of taking such precautions. Security risks can augment and may lead to distrust of electronic delivery channels. Difficulties in addressing security or legal issues could affect a bank’s reputation causing dissatisfaction with EB services, security breaches, fraud etc (Pennathur, 2001). For instance, “Phishing”, the process of obtaining sensitive or private data to commit fraudulent activities could lead to irreparable loss of trust or confidence between a customer and a bank. Reputational risk weakens the ability of banks to build and maintain relationships with their customers. Furthermore, substantial loss resulting from mistakes of other banks providing similar EB services might cause customers to distrust the system, hence negatively affecting the reputation of the banking sector (Shirazi, 2003; Sokolov, 2007). Thus, banks have the responsibility of managing and controlling this risk. According to Kondabagil (2007), customer education, rapid response to incidents and management procedures could demonstrate that the benefits derived by customers for patronizing EB services far outweigh the risks involved. 2.6.4 Legal/Compliance risk As pointed out by Pennathur (2001), EB technology is under development constantly, hence uncertainty in terms of related legal issues. Violation of the rules could cause damage to the reputation of a financial institution, and could even lead to withdrawal of right to operate. Florina, Liliana and Viorica (2008), argue that EB service providers assume a higher amount of compliance risk due to the rapid changing nature of EB technology, the number of errors that could be replicated, and the rate at which regulatory changes occur. 18 University of Ghana http://ugspace.ug.edu.gh Compliance risk refers to risk to capital or earnings which results from non-conformance or violation of prescribed laws and regulations. Non- conformance to these changes often results in dire consequences such as being rated low, monetary fines, suspension of operations, damage to reputation, and sometimes withdrawal of license to operate (Kondabagil, 2007). Furthermore, compliance risks are frequently compounded in cross border conditions as a result of conflicting laws, tax procedures, reporting requirements, etc (Ramakrishnan, 2001; Shirazi, 2003). According to Pennathur (2001), typical legal issues in terms of customer privacy and money laundering must be effectively managed. Similarly, Kondabagil (2007), recommends that compliance risks under EB could be responsibly managed by employing well-trained personnel in addition to strengthening mitigation measures to help in reducing these risks. 2.7 Managing risks associated with electronic banking Globally, banks have a responsibility to ensure that customers gain the same level of confidence in the system, whether transactions are dealt with electronically or on a personal basis with bank employees (Basel Committee, 2003; BIS, 2003). According to Georgescu (2006), the competitive pressure by banks to launch innovative products within short time scales has intensified the challenge of their management in terms of undertaking adequate strategic assessment, risk analysis as well as security reviews. Gup and Kolari (2005), are of the view that management of risks is necessary for banks in order to increase their profits. Thus banks must acknowledge the various types of risks and seek alternative strategies so as to maximize shareholder wealth. Risk management practices used in EB are typically categorized into three (3) major areas. They are: Board and Management Oversight, Security Controls, and Legal and Reputational Risk Management. These areas are based on the fourteen (14) risk management principles identified by the Basel Committee on Banking Supervision (BCBS). The board of directors in 19 University of Ghana http://ugspace.ug.edu.gh addition to senior management have the responsibility to develop a risk management plan that will ensure that any risk is identified and managed effectively. Security control is also of great importance and includes the establishment of appropriate authentication procedures as well as providing secure EB services. Also, the legal and reputational risk of a firm is undoubtedly dependent on security control (Basel Committee, 2003). According to Basel (2003), these principles are to help financial institutions (banks) expand their current risk oversight policies as well as processes to manage their EB activities. 2.8 Radio frequency identification (RFID) Emerging EB capabilities like automation, access control to resources, improvement of internal processes, cost reduction, increasing competitiveness, as well as enhancing customer relationship have been the motivation of most reputational financial institutions (Gupta & Joseph, 2006). Considering the use of RFID in various banking activities, the RFID technology is a recommended technology for the development of EB, and can be useful in a variety of functions. The RFID technology makes use of radio frequencies for exchanging data between a tag which is attached to an object and the reader (Tuyls & Batina, 2006). As an electronic- tagging technology, it is able to digitally provide the identify of an object. The tags can be both active or inactive. Inactive tags are less expensive, are lower in range, and have no internal power supply. In contrast, active tags are expensive, are higher in range, and have internal power supply. Application of RFID technology in EB can help to improve management of customer relationship, management of financial document, prevent counterfeiting, aid in electronic payments as well as access control to resources. Thus, RFID play essential role in EB applications. Most banks are implementing solutions for the use of RFID in managing their relationship with customers. The purpose is to equip bank customers with a unique identity, for instance, a RFID card so that the bank can identify customers, thus it ensured security of payment cards. The RFID tags also could be embedded in high value banknotes so as to encrypt 20 University of Ghana http://ugspace.ug.edu.gh the security data against counterfeiting. Furthermore, an RFID tag can be used to track and manage sensitive bank documents against loss and subsequent banking fraud. Despite these great advantages, the technology is vulnerable to server attacks. One of such attack is peculiar to application of RFID systems in EB is cloning; this is the duplication of security features in such a way that they are considered authentic during authentication. Tag cloning is a major threat to anti-counterfeiting solutions in EB systems, and hence should be critically considered during the EB RFID solutions (Mitrokotsa, Rieback & Tanenbaum, 2009). 2.9 Theoretical framework Two (2) theories relevant to the adoption of electronic banking are discussed below. They include: The Diffusion of Innovation Theory and the Technology Acceptance Model (TAM). 2.9.1 The diffusion of innovation theory The Diffusion of Innovation Theory by Rogers (1995), explains how innovations are developed, used and become widely adopted. Clarke (2001), relating this theory to EB explain it as how technologies such as internet banking, ATMs, telephone banking, PC banking and mobile banking are adopted and become successful. According to Sevcik (2004), not all technologies are adopted as soon as they emerge, even though they may be good, it can take quite some time before they are accepted. Furthermore, he states that resistance to change can hinder diffusion of innovation, by slowing down the adoption process. Rogers (1995), identifies five (5) major attributes that influence adoption rate. These are; relative advantage, complexity, compatibility, trialability and observability. In explaining this further, relative advantage for instance talks about the degree to which a new technology may be perceived to be superior to already existing technology, thus influencing adoption. Compatibility is the consistency of technology’s performance to meeting consumer needs. Complexity is the complicated nature or feature of a technology which may affects its utilization. 21 University of Ghana http://ugspace.ug.edu.gh Rogers explains that the adoption rate of new innovation depends on how an organization perceives the five major attributes mentioned above. Therefore, if some banks in Ghana for instance recognize the benefits of EB, the innovation will be adopted provided there is availability of required resources. The banks will ensure that their presence is acknowledged in the industry and work hard to meet the gap that the technology seeks to address. Usage of these innovations would take place faster in organizations which already have IT departments for instance than those organizations without them. This theory nevertheless, causes a pro- innovation bias meaning that while the theory promotes successful diffusions that can be identified easily and investigated, it does not sufficiently account for unsuccessful diffusions as it normally does not provide visible traces so it can be easily studied. 2.9.2 The technology acceptance model Literature is prevalent with studies which make use of numerous models for comprehending, predicting and explaining the intention behind individuals’ acceptance or rejection of a technology, in this case electronic banking. A major model in this field is the Technology Acceptance Model (TAM), proposed by Davis, Bagozzi & Warshaw (1989). TAM is a widely used model by researchers to ascertain the underlying factors which contribute to new technologies’ acceptance and adoption (Alshibly, 2011). Furthermore, the model enables researchers and practitioners to determine the cause for unacceptability of a particular system (Davis et al., 1989). Davis et al. (1989), identified attitudes of the user toward the system usage as well as the effect of the system’s perceived usefulness of using the technology. Again, both attitudes and perceived usefulness are affected by perceived ease of usage. TAM posits that with other things being constant, perceived usefulness is influenced by the perceived ease of usage since the more a technology is easier to be used, the more its usefulness increases. Thus the external variables of this model are described to be a group of 22 University of Ghana http://ugspace.ug.edu.gh variables which are assumed to indirectly influence the adoption of a technology via perceived ease of use and perceived usefulness (Davis et al., 1989). 2.10 Empirical review A study was conducted by Abdou, English and Adewunmi (2014), to investigate risk management practices of EB among major UK banks, using the principles of Basel Committee on Banking Supervision (BCBS). Initial pilot study was conducted by interviewing some selected staff of one major UK banks. Questionnaire covering the fourteen (14) principles of Basel Committee on Banking Supervision (BCBS) was used as the main instrument for collection of the data. Qualitative analysis through the interviewees revealed security risk as the main risk faced by customers in their use of EB services. Furthermore, the quantitative analysis through the questionnaire found that UK banks have in place successful risk management structures which help prevent potential electronic risk as well as reduce losses. incurred from EB risks. The results of the study confirmed that UK banks are managing EB risks in accordance with the 14 BCBS risk principles in relation to the security controls for EB. Another study was conducted by Abdou, Hadjiantoni and Derwin (2015), on EB and risk management among public sector banks in Cyprus. The study was aimed at exploring the perception of bankers about the benefits derived from electronic banking as well as the associated risks of EB. Furthermore, the study explored bankers’ perception of the risk management principles with the 14 principles of BCBS. Data was collected through administration of questionnaire to selected bankers in Cyprus. Analysis of data was done by conducting multinomial regressions in addition to other statistical tools. The findings revealed that EB reduces the risk involved in carrying cash, it saves time and very convenient. Surprisingly, the findings also revealed from responses of the bankers that EB does not increase frauds. Furthermore, the study found from the four (4) leading public banks that risks are identified and then managed in accordance with the fourteen (14) principles of BCBS. 23 University of Ghana http://ugspace.ug.edu.gh Nzevela (2015), undertook a research to examine the impact of internet risk management strategies on financial performance among commercial banks in Kenya. By adopting a descriptive research design, all 43 commercial banks in Kenya participated in the study. Data was collected through both primary and secondary sources; primary data was obtained through administration of structured questionnaires administered to risk manager, whereas secondary data on financial performance was obtained from financial statements (of a five-year period, 2010-2014) of the various banks. Analysis of data was done through the use of correlation and regression analysis. Findings of the study revealed an insignificant relationship between risk management practices of internet banking and financial performance. The study however recommended that commercial banks invest in appropriate risk management practices so as to reduce risks, and curb fraud associated with internet banking. AL-Rawashdeh, Abu-Errub Areiqat and Dbbaghieh (2012), conducted a study to exmine the influence of information technology towards reducing EB risks in the banking sector of Jordan. By sampling three banks to represent the Jordanian banking sector, data was collected through interviews with the operations managers of the three banks namely; Jordan Commercial Bank (JCB), Housing Bank for Trade & Finance (HBTF) & Audi Bank. The study found that Jordanian banks paid much attention to managing risks associated with EB through their compliance of the Basel Standards on managing risk with regards to safety and security of EB services. 24 University of Ghana http://ugspace.ug.edu.gh 2.11 Gaps in literature Review of existing literature revealed compliance of most sampled banks with the fourteen (14) principles of BCBS in managing EB risks in their respective banks. Nevertheless, the study identified the lack of empirical evidence on the strategies put in place by banks in Ghana to manage the associated risks. Hence the study sought to provide an empirical evidence on EB risk management practices among local and foreign banks in Ghana. The empirical findings of this study would be useful to management of both local and foreign banks in Ghana, as well as regulatory bodies such as the Bank of Ghana as it would offer insight with regard to the various approaches of managing the risks associated with EB towards ensuring operational efficiency and profitability. Furthermore, most of the empirical studies reviewed adopted either quantitative or qualitative research approaches. In contrast, this study utilized the mixed research approach so as to provide more comprehensive evidence, and to help answer questions that could not be answered by either a quantitative or qualitative approach alone (Creswell & Plano Clark, 2011). 2.12 Implication of the study The prevalence of the above gaps in the reviewed literature leaves some implication for this study. It is essential that more studies be undertaken particularly in Ghana to validate more evidences on EB risk management practices in the banking sector as well as other sectors in the country. 25 University of Ghana http://ugspace.ug.edu.gh CHAPTER THREE RESEARCH METHODOLOGY 3.1 Introduction This chapter discusses the procedures used in conducting the study. As indicated by Babbie (2015), research methodology refers to the procedural framework by which a study is conducted. According to Hair, Money, Samuel and Page (2012), research methodology includes the theoretical, ideological and fundamental principles which guides a researcher in selecting a specific research method over the other. For this reason, the chapter presents a discussion of procedures used in conducting the study. It discusses the research design, research approach or strategy, data collection method, sampling size and sampling techniques, data management and analysis technique as well as the ethical considerations. The chapter ends by discussing the limitations to methodology. 3.2 Research design According to Babbie (2015), a research design is a plan or blueprint of how the researcher intends on conducting the research. It considers the constraints such as access to data, location, time and money that would be inevitably encountered, as well as ethical issues relating to the research (Hair, Money, Samuel, & Page, 2012). This study was carried out by using a descriptive design. According to Schutt (2011), descriptive research as a scientific method focuses on describing or defining a subject’s behaviour, mostly by creating a profile of a group of people, problems, or events through data collection and tabulation of frequencies. The descriptive research design was appropriate for the study as the study seeks compare the state of affairs existing already in the field. 3.3 Research approach This study adopted the mixed-method approach in comparing risk management of electronic banking among local and foreign banks in Ghana. Creswell (2012), defines mixed-method as 26 University of Ghana http://ugspace.ug.edu.gh the procedure for collecting, analyzing, and ‘mixing’ both the quantitative and qualitative method of data gathering and analysis within a single study in order to understand a research problem. Creswell and Plano Clark (2011), recommend that researchers share their beliefs through a mixed-methods approach in order to provide more comprehensive evidence, and to help answer questions that cannot be answered by a quantitative or qualitative approach alone. Thus this study adopted the mixed-method approach by using both quantitative and qualitative data gathering and analysis procedures to help in addressing the study objectives. 3.4 Target population According to Barreiro and Albandoz (2001), population is a group of people or objects in a particular social or biological setting from which data is gathered in a research. Similarly, Hair, Money, Samuel, and Page (2012), describe population as consisting of all the elements which forms the unit of analysis. The target population for this study included sixteen (16) banks in Ghana; eight (8) local banks and eight (8) foreign banks in Ghana. The eight (8) local banks include: Agricultural Development Bank (ADB) Limited, Cal Bank Limited, Fidelity Bank Limited, Prudential Bank Limited (PBL), Universal Merchant Bank (UMB) Limited, GCB Bank Limited, National Investment Bank (NIB) Limited and Consolidated Bank Ghana (CBG) Limited. The foreign banks also include: Access Bank (Ghana) Plc, Barclays Bank of Ghana Limited, Ecobank (Ghana) Limited, Guaranty Trust Bank (Ghana) Limited, Republic Bank (Ghana) Limited, Societe Generale (Ghana) Limited, Standard Chartered Bank (Ghana), and Zenith Bank (Ghana) Limited. 3.5 Sample size and sampling technique According to Barreiro and Albandoz (2001), sampling in research may be required because the population of participants may be too large to be conveniently surveyed. For this reason, sixteen (16) banks; eight (8) each from local and foreign banks operating in Ghana were conveniently sampled to participate in the study. 27 University of Ghana http://ugspace.ug.edu.gh A non-probability purposive method was utilized in selecting eighty (80) respondents made up of operations managers, senior risk management officers and other staff involved in EB activities from the selected banks. Furthermore, four (4) EB specialists, two each from the selected local and foreign banks were purposively selected to participate in the study through interview guide. According to Palinkas, Horwitz, Green, Wisdom, Duan and Hoagwood (2015), the non-probability purposive sampling guarantees correct identification as well as selection of information - rich cases which relate to the phenomenon of interest, and therefore ensures that only subjects within the specific characteristics are selected for the study. The selection of this study participants was necessary since the study was aimed at comparing electronic banking risk management practices among local and foreign banks in Ghana. The level of professional experience ensured that appropriate and in-depth information was provided in order to address the study objectives. 3.6 Data collection method 3.6.1 Sources of data This study relied on primary data through self-administered questionnaires and face-to-face interviews for gathering information in response to the research questions. The primary data collected enabled the collection of first-hand information from the field, with a higher level of confidence in the study outcome. 3.6.2 Data collection tools Both structured questionnaire and interview guide were used in this study. The structured questionnaire was employed to gather information from eighty (80) respondents made up of operations managers, senior risk management officers and other staff involved in EB activities drawn from the selected sixteen (16) local and foreign banks in Ghana. The interview guide on the other hand was used; four (4) EB specialists, two each from the selected local and foreign banks. 28 University of Ghana http://ugspace.ug.edu.gh 3.6.2.1 The study questionnaire According to Talbot (1995), a structured questionnaire is appropriate to be used when a researcher seeks to obtain information about the feelings, attitudes and beliefs, but which are not instantly observable. For this reason, structured questionnaire comprising of carefully framed questions was administered to eighty (80) respondents made up of operations managers, senior risk management officers and other staff involved in EB activities drawn from the selected sixteen (16) local and foreign banks in Ghana. The questionnaire items were developed based on objectives one and three of the study. The questionnaire designed had a number parts, which were further divided based on the research questions, with the exception of the Part 1 which captured the demographic information of respondents. Part 2 asked questions relating to risks associated with EB among local and foreign banks in Ghana. Part 3 asked questions relating to risk management practices of the banks based on the fourteen (14) principles of Basel Committee. This part was further divided into three (3) sections; Section A asked questions on three of the 14 risk management principles in relation to board management and oversight; Section B coverered seven of the principles in relation to security controls; whereas Section C covered four of the principles in relation to legal and reputational risk management. In each case, respondents were required to indicate their level of agreement by using a five Likert scale (which ranged from 1 = strongly disagree to 5 = strongly agree). Administration of questionnaires to respondents was done through the drop and pick later method. 3.6.2.2 Interviews According to Bryman (2008), interviews provide excellent means of accessing individuals’ perceptions and definitions of situations. Furthermore, interviews are helpful in gathering opinions, beliefs and thoughts of participants. To this effect, a non-probability purposive 29 University of Ghana http://ugspace.ug.edu.gh method was utilized in selecting four (4) EB specialists, two each from the selected local and foreign banks to participate in the study through interviews in order to gain a comprehensive understanding of issues relating to EB risk management practices among selected local and foreign banks in Ghana. The interviews were particularly conducted so as to find answers to the research question 2 based on the objective two of the study. According to Palinkas, Horwitz, Green, Wisdom, Duan and Hoagwood (2015), the non-probability purposive sampling guarantees correct identification as well as selection of information-rich cases which relate to the phenomenon of interest, and therefore ensures that only subjects within the specific characteristics are selected for the study. Thus, the level of professional experience of the interviewee ensured that appropriate and in-depth information was provided in order to address the study objectives. Furthermore, the reliability and validity of responses from the interviewees were enhanced through member checking. 3.7 Data management & analysis Bryman and Bell (2015), define data analysis as the process of sorting, collating, coding and organizing collected data, so as to derive meaning from it. With the aid of the Statistical Package for Social Sciences (SPSS Version 25), descriptive statistics were utilized to analyze the collected data. Descriptive statistical tools namely; frequency and percentage were useful in assessing the demographic information of respondents,whereas mean scores, standard deviations, variances and CV were used to analyze the various EB risks, as well as compliance of banks to the 14 risk management principles of the Basel Commiteee. On the other hand, analysis of qualitative data through interview guide conducted was done manually. The research guiding questions were continuously displayed to assist focus on the study and stay within the scope of the research questions. 30 University of Ghana http://ugspace.ug.edu.gh 3.8 Ethical considerations Ethical issues were really considered since human beings were involved in the study. In view of this, the study was carried out in accordance with basic research ethics. Participants’ permission was sought prior to collection of the data. There was an introductory letter from the Department of Finance of the University of Ghana Business School prior to administration of questionnaires. Furthermore, confidentiality of participants was upheld. Respondents were also assured that their responses will only be used for academic purposes. On the whole, respect, confidentiality and safety of participants were highly maintained and adhered to in this study. 3.9 Limitation to methodology The study sampled only sixteen (16) local and foreign banks operating in Ghana, eight (8) from each category to participate in the study. Furthermore, the total sample size of eighty-four (84) respondents was too small to make generalization about the study findings. Thus an increase in the sample size would lead to a better generalization of the study findings. 31 University of Ghana http://ugspace.ug.edu.gh CHAPTER FOUR DATA ANALYSIS AND DISCUSSION OF FINDINGS 4.1 Introduction While the preceding chapter provided the procedures employed for collection of the data, this chapter analyses the field data collected through questionnaire and interview administration. The chapter is divided into three parts; the first part analyses data on the background information of respondents; the second part analyses data relating to risk management of electronic banking, whereas the third part covers the general discussion of the study findings. 4.2 Background information of respondents (bank staff) The study obtained data on the background information of respondents. The background information included: Gender, age, educational level, type of bank, number of years of work experience and position. 4.2.1 Gender of respondents From the total number of eighty (80) respondents who responded to the study questionnaire, data collected revealed, as presented in Figure 4.1, that sixty-three (63), representing 79% were males, with the remaining seventeen (17) respondents, representing 21% of the total number of respondents being females. From the results of the data, it can be found that majority of the study participants were males; and this is due to the fact that more males as compared to females are found in the risk management departments. This was observed in both the local and foreign banks selected for the study. The statistics presented are summarized in Figure 4.1. 32 University of Ghana http://ugspace.ug.edu.gh Figure 4.1: Gender representation of respondents Female 21% Male Male Female 79% Source: Field data (2019) 4.2.2 Age of respondents From the data analyzed, it was revealed that five (5) respondents, representing 6% were 29 years and below; forty-four (44) of them, representing 55% were between the age of 30 to 39; those between the ages of 40 to 49 were twenty-three (23), representing 29%; with the remaining eight (8) respondents representing 10% being 50 years and above. The results hence reveal that many of the respondents that took part of the study were in their middle adulthood; and therefore had the predisposition to understand the study in its entirety. The statistics presented is summarized in Table 4.1. 33 University of Ghana http://ugspace.ug.edu.gh Table 4.1: Age of respondents Ages Frequency (f) Percentage (%) 29 years and below 5 6 30-39 years 44 55 40-49years 23 29 50 years and above 8 10 Total 80 100 Source: Field data (2019) 4.2.3 Marital status of respondents The study also took into account the marital status of the respondents. From the total of 80 respondents, twenty-four (24) respondents, representing 30% were single; forty-nine (49) respondents, representing 61% were married; five (5) respondents, representing 6% were divorced; whereas the remaining two (2) respondents, representing 3% of total respondents were widowed. The statistics is summarized in Table 4.2. Table 4.2: Marital status of respondents Marital status F r e q u e n c y ( f ) P e rcentage (%) Single 24 3 0 Married 49 61 Divorced 5 6 Widowed 2 3 Total 80 100 Source: Field Data (2019) 34 University of Ghana http://ugspace.ug.edu.gh 4.2.4 Educational background of respondents From the data collected, it was revealed as presented in Figure 4.2 that nine (9) respondents, representing 11% had HND; fifty-four (54) respondents, representing 68% had Bachelors’ degree. Respondents with Masters’ Degree were seventeen (17), representing 21%. It is apparent from the statistics presented in this segment that both of the selected local and foreign banks who participated in the study engage the services of people with higher level of education, and this is due to the fact that risk management and for that matter electronic banking risk management is a very technical area and therefore requires people with higher level of knowledge and capacity for effective delivery of this task. The statistics presented is summarized in Figure 4.2. Figure 4.2: Educational representation of respondents 54 17 9 HND Bachelor Masters Source: Field Data (2019) 35 University of Ghana http://ugspace.ug.edu.gh 4.2.5 Years of working experience in the banking field Data on the number of years of working in the bank was also collected. The results revealed that nine (9) of the respondents, representing 11% have worked at the bank for less than 2 years; those that have bank working experience between 2 to 5 years were twenty-two (22), representing 28% of the total number of 80 respondents; thirty-two (32) respondents, representing 40% have had between 6 to 10 years of bank working experience; whereas the remaining seventeen (17) respondents, representing 21% have bank working experience of 10 years and above. The level of professional experience by these respondents implied that appropriate and in-depth information was provided in order to address the study objectives. The statistics presented is summarized in Figure 4.3. Figure 4.3: Number of years of professional experience 35 30 25 20 15 10 5 0 Less than 2 years Between 2-5 years Between 6-10 years 10 years and above Source: Field Data (2019) Furthermore, data on the position of respondents was obtained. From the total number of 80 respondents, twenty-seven (27) of them, representing 34% were IT Managers; twenty-nine (29) respondents, representing 36% were EB Risk Management Officers; sixteen (16), respondents, representing 20% were Operations Managers; whereas the remaining eight (8) respondents, 36 University of Ghana http://ugspace.ug.edu.gh representing 16% of total number of respondents were Business Development Officers. The statistics presented is summarized in Figure 4.4. Figure 4.4: Position of respondents Business Development Officers 10% IT Managers Operations 34% Managers 20% EB Risk Mangement Officers 36% Source: Field data (2019) Data on the type of bank, was also obtained. From the results, eight (8) banks, representing 50% of the total number of 16 banks sampled for the study were local banks. The remaining eight (8) banks, representing 50% were foreign banks. These banks were all offering electronic banking services in their respective banks. The statistics presented is summarized in Figure 4.5. 37 University of Ghana http://ugspace.ug.edu.gh Figure 4.5: Type of banks Foreign Local 50% 50% Source: Field data (2019) 4.3 Identification of electronic banking Risks from the bankers’ perspective This section analyzed data regarding the risks associated with EB, by some selected local and foreign banks in Ghana, in line with objective one of this study. The analysis includes comparison of the EB risks being encountered by the local and foreign banks. With respect to EB having the chance of fraud, the results revealed the coefficient of variation (CV) of 16.00 and 13.26 for local and foreign banks respectively (thus accounting for 16.00% and 13.26% of variation in the level of EB risk respectively (see: Table 4.3 and Table 4.4 on the descriptive statistics). This implies that the foreign banks in comparison with the local banks face more EB risks relating to fraud. With regards to EB lacking information security, the results revealed the CV of 19.02 and 18.52 for local and foreign banks respectively (thus accounting for 19.02% and 18.52% of variation in the level of EB risk respectively (see: Table 4.3 and Table 4.4 on the descriptive statistics). This implies that the foreign banks in comparison with the local banks encounter more EB risks relating to lack of information security. 38 University of Ghana http://ugspace.ug.edu.gh In terms of EB being faced with network failures, the results revealed the CV of 20.51 and 21.19 for local and foreign banks respectively (thus accounting for 20.51% and 21.19% of variation in the level of EB risk respectively (see: Table 4.3 and Table 4.4 on the descriptive statistics). The results suggest that the local banks in comparison with the foreign banks encounter more EB risks relating to network failures. Regarding EB having many legal and security issues, the results revealed the CV of 15.12 and 16.49 for local and foreign banks respectively (thus accounting for 15.12% and 16.49% of variations in the level of EB risk respectively (see: Table 4.3 and Table 4.4 on the descriptive statistics). The results suggest that the local banks in comparison with the foreign banks encounter more EB risks relating to legal and security issues. Regarding EB having less operational reliability, the results revealed the CV of 13.98 and 14.81 for local and foreign banks respectively (thus accounting for 13.98% and 14.81% of variations in the level of EB risk respectively (see: Table 4.3 and Table 4.4 on the descriptive statistics). The results hence suggest that the local banks in comparison with the foreign banks encounter more EB risks relating to less operational reliability. Thus, the findings reveal that the local banks encounter more EB risks in terms of the system lacking information security; the system facing network failures, as well as the system having many legal and security issues. The foreign banks on the other hand encounter more EB risks in terms of the system having the chance of fraud, as well as the system lacking information security. 39 University of Ghana http://ugspace.ug.edu.gh The study findings affirmed the study findings of Nwogu and Odoh (2015), who revealed that the banking industry, following the introduction of EB has been more exposed to greater challenges in terms of operational, security, reputational, legal and strategic risks which if not managed effectively will result to financial losses as well as decrease in consumer confidence. The analysis of responses in relation to EB risks by the local and foreign banks operating in Ghana is summarized in Table 4.3 and Table 4.4. Table 4.3: Descriptive statistics: Risks associated with electronic banking by local banks in Ghana. Statement SA A N Mean Variance St. Dev. Coefficient of Variation (%) Frq. % Frq. % Frq. % Electronic banking has the chance of fraud 14 35 24 60 2 5 4.30 0.32 0.57 13.26 Electronic banking lacks 12 30 18 45 10 25 4.05 0.56 0.75 18.52 information security Electronic banking is faced with network 12 30 12 30 16 40 4.20 0.80 0.89 21.19 failures Electronic banking has 14 35 20 50 6 15 4.20 0.47 0.69 16.43 many legal and security issues Electronic banking has 8 20 26 65 6 15 4.05 0.36 0.60 14.81 less operational reliability 40 University of Ghana http://ugspace.ug.edu.gh Table 4.4: Descriptive statistics: Risks associated with electronic banking by foreign banks in Ghana Statement SA A N Mean Variance St. Coefficient Dev. of Variation (%) Frq. % Frq. % Frq. % Electronic banking has 0.46 16.00 12 30 26 65 2 5 4.25 0.68 the chance of fraud Electronic banking lacks 14 35 16 40 10 25 4.10 0.61 0.78 19.02 information security Electronic banking is faced with network 12 30 14 35 14 35 3.95 0.66 0.81 20.51 failures Electronic banking has 16 40 20 50 4 10 4.30 0.42 0.65 15.12 many legal and security issues Electronic banking has 10 25 26 65 4 10 4.15 0.34 0.58 13.98 less operational reliability Source: Field data (2019) 4.4 Examining the effect of electronic banking risks on banks This part of the analysis presents and analyses data qualitatively so as to examine how banks are affected by electronic banking risks, in line with objective two of the study. Qualitative data was gathered through interviews from four (4) selected EB specialists, two each from the selected local and foreign banks. 4.4.1 Qualitative analysis from local banks On how the bank’s EB channels are tested against common techniques by which fraudsters use to break into the bank’s server by misleading application, one interviewee replied that; “EB channels are tested regularly through the use of inbuilt application that verifies the authenticity of every transaction”. Another also responded that; 41 University of Ghana http://ugspace.ug.edu.gh “electronic banking channels are usually tested before running the application on pilot bases, and also at least once very month”. Furthermore, on what procedures are implemented to verify the accuracy and content of websites information and links to other websites or interactive programs available to customers, it was revealed from both interviewees that; “every programme has a unique PIN. In addition, PIN numbers and special serial numbers are required for every transaction”. On how the banks mitigate the various risks associated with electronic banking, it was revealed from the responses that; “there is the implementation of proper internal control measures or authentication”. Most importantly, the interviewees were asked about how EB affect their banks. The responses revealed that: They are affected by: i. Reputational risks: That is, the risks incurred due to certain factors such as fraud and security breaches. They indicated that; “when such incidences occur the banks reputation is affected and lead to loss of trust in the bank by its customers”. Difficulties in addressing security or legal issues could affect a bank’s reputation causing dissatisfaction with EB services, security breaches, fraud etc ii. Legal risks: With regards to legal risks, the interviewees revealed that; “their banks are constantly faced with legal risks and issues related to their delivery of EB services. They noted that legal or compliance issues involved with regards to regulations for instance when violated can cause the reputation of the banks, and even lead to the withdrawal of license to operate”. iii. Operational risks: The interviewees again noted that; 42 University of Ghana http://ugspace.ug.edu.gh “threat to security is a major threat to their operations, as it undermines the confidence that their customers have in them. They revealed that when there are security threats in their operations, they encounter financial losses”. The results of the findings thus confirmed the argument of Nwogu and Odoh (2015), who revealed that the banking industry following the introduction of EB has been more exposed to greater challenges in terms of operational, reputational, legal, and strategic risks which if ignored will result to financial losses as well as falling consumer confidence. 4.4.2 Qualitative analysis from foreign banks On how the bank’s EB channels are tested against common techniques by which fraudsters use to break into the bank’s server by misleading application, one interviewee replied that; “EB channels are always tested on pilot bases. Another also responded that “passwords and virus protection software are regularly used on all devices of the bank”. Furthermore, on what procedures are implemented to verify the accuracy and content of websites information and links to other websites or interactive programs available to customers, it was found that; “PIN numbers and special serial numbers are provided to customers to use them in performing transactions”. Furthermore, “it is ensured by the banks that proper authorization controls are put in place to protect customers of the bank”. On how the banks mitigate the various risks associated with electronic banking, it was revealed from the responses that; 43 University of Ghana http://ugspace.ug.edu.gh “the risks are mitigated by implementing multi-channel fraud and suspicious activity monitoring solutions. Again, it was established that the banks implement proper internal control measures to mitigate EB risks”. Most importantly, the interviewees were asked about how EB affect their banks. The responses revealed that: They are affected by: i. Operational risks: The interviewees revealed that; “security poses a major threat to their operations, It was revealed that when the bank experience security threats in its operations, they incur some financial losses”. ii. Legal risks: With regards to legal risks, it was revealed through the interviewes that; “their banks face legal risks in the course of the delivery of EB services. They indicated that legal issues involved with regards to regulations when violated can cause the reputation of the banks, or cause the withdrawal of license for the banks to operate”. iii. Reputational risks : That is, the risks incurred due to certain factors such as fraud and security breaches. The interviewees indicated that; “when such incidences occur the banks reputation is affected and lead to loss of trust by customers”. iv. Strategic Risks: In terms of strategic risks, it was revealed through the interviews conducted that; “the banks also face some strategic risks of inappropriate management decisions as well as the implementation of those decision. The revealed that the occurrence of strategic risks negatively affect their earnings”. 44 University of Ghana http://ugspace.ug.edu.gh The results of the findings thus confirmed the argument of Nwogu and Odoh (2015), who revealed that the banking industry following the introduction of EB has been more exposed to greater challenges in terms of operational, security, legal, strategic and reputational risks which if ignored will result to financial losses as well as falling consumer confidence. 4.5 Risk management of electronic banking based on the fourteen (14) principles of the Basel Committee This section analyzed data regarding the management of EB risks based on the 14 Principles of the Basel Committee, by some selected local and foreign banks in Ghana. The analysis involves a comparison of how the banks are managing EB risks in accordance with the 14 principles. The statistics presented are summarized in Table 4.5and Table 4.6. Principles 1 to 3: Board and management oversight Principle 1: Effective management oversight regarding EB activities. The results revealed the coefficient of variation (CV) of 26.33 and 26.38 for local and foreign banks respectively (thus accounting for 26.33% and 26.38% of variations in the level of EB risk management pertaining to Principle 1 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). This implies that although both local and foreign banks in Ghana take appropriate actions to manage EB risks, the local banks are more strategic in managing the construct. Again, it presupposes that the local banks are assertive and proactively responsible for implementing their business strategy that outlines how effective risk management oversight responsibilities must be executed. Principle 2: Establishment of the security control process. The results revealed the CV of 29.86 and 34.16 for local banks and foreign banks respectively (thus accounting for 29.86% and 34.16% of variations in the level of EB risk management pertaining to Principle 2 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). 45 University of Ghana http://ugspace.ug.edu.gh This implies that the local banks in comparison with the foreign banks have put in more strategies and systems in place to effectively manage security control processes. This also posits that the executive and senior-level staff proactively analyses, evaluates and sanctions the most vital components of the institution’s security control process. Again, it means that the banks periodically alter the password system at every login to make security more robust. Principle 3: Establishment of comprehensive due diligence as well as oversight process for the management of outsourcing relationships of the bank, in addition to other third- party dependencies. The results revealed the CV of 21.60 and 21.35 for local banks and foreign banks respectively (thus accounting for 21.60% and 21.35% of variations in the level of EB risk management pertaining to Principle 3 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). The results therefore suggest that the foreign banks have established a more comprehensive due diligence as well as oversight process for the management of outsourcing relationships of the bank, in addition to other third-party dependencies. It also means that the management of the foreign banks in order to remain more competitive with their local counterparts may have created comprehensive synchronized approach, essential to reinforcing the banks’ outsourcing relationships and other third-party dependencies supporting EB. Furthermore, it means that the foreign banks having gained some level of expertise over the years, coupled with their professional staff in the EB space have utilized the best vendors for outsourcing and as third party. 46 University of Ghana http://ugspace.ug.edu.gh Table 4.5: Descriptive statistics: Responses from staff of selected local banks N Mean Variance Std. Coefficient Dev. of Variation Board & management oversight Principle1 40 3.38 0.80 0.89 26.33 Principle2 40 2.88 0.74 0.86 29.86 Principle3 40 3.75 0.65 0.81 21.60 Security controls Principle4 40 3.48 0.67 0.82 23.56 Principle5 40 3.60 0.91 0.95 26.39 Principle6 40 3.65 0.44 0.66 18.08 Principle7 40 3.38 1.37 1.17 34.62 Principle8 40 2.78 1.41 1.19 42.81 Principle9 40 3.25 0.91 0.95 29.23 Principle10 40 3.25 0.76 0.87 26.77 Legal & reputational risk management Principle11 40 3.70 0.83 0.91 24.59 Principle12 40 3.80 0.73 0.85 22.37 Principle13 40 3.28 0.87 0.93 28.35 Principle14 40 3.50 1.23 1.11 31.71 Source: Field data (2019) 47 University of Ghana http://ugspace.ug.edu.gh Table 4.6: Descriptive statistics: Responses from staff of selected foreign banks N Mean Variance Std. Dev. Coefficient of variance Board & management oversight Principle1 40 3.45 0.82 0.91 26.38 Principle2 40 3.63 1.53 1.24 34.16 Principle3 40 3.70 0.63 0.79 21.35 Security controls Principle4 40 3.83 0.45 0.67 17.49 Principle5 40 3.63 0.75 0.87 23.97 Principle6 40 3.83 0.81 0.9 23.50 Principle7 40 3.75 0.91 0.95 25.33 Principle8 40 3.40 0.81 0.9 26.50 Principle9 40 4.18 0.46 0.68 16.27 Principle10 40 4.00 0.33 0.57 14.25 Legal & reputational risk management Principle11 40 3.83 0.74 0.86 22.45 Principle12 40 3.38 0.75 0.87 25.74 Principle13 40 3.78 0.38 0.62 16.40 Principle14 40 3.85 0.49 0.70 18.18 Source: Field data (2019) Principles 4 to 10: Security controls Principle 4: Authentication of EB customers. The results revealed the CV of 23.56 and 17.49 for local banks and foreign banks respectively (thus accounting for 23.56% and 17.49% of variations in the level of EB risk management pertaining to Principle 4 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). This implies that the foreign banks have put in more adequate measures of authenticating EB Customers. Nonetheless, some of these measures are often breached as a result of clients’ inability to keep some of these measures, for example, confidentially of passwords. The results mean that the local banks need to put more suitable steps in place to effectively verify or authenticate the identity and authorization of client over EB business transactions. 48 University of Ghana http://ugspace.ug.edu.gh Principle 5: Usage of transaction authentication methods. The results revealed the CV of 26.39 and 23.97 for local banks and foreign banks respectively (thus accounting for 26.39% and 23.97% of variations in the level of EB risk management pertaining to Principle 5 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics).The results imply that the foreign banks adhere more to security control which means that they use transactional authentication methodologies that promote nonrepudiation and ensures accountability. Principle 6: Segregation of duties within EB systems. The results revealed the CV of 18.08 and 23.50 for local banks and foreign banks respectively (thus accounting for 18.08% and 23.50% of variations in the level of EB risk management pertaining to Principle 6 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). The results imply that the local banks in comparison with the foreign banks have put in place all essential control needed for maintaining segregation of duties. Principle 7: Authorization controls within EB systems. The results revealed the CV of 34.62 and 25.33 for local banks and foreign banks respectively (thus accounting for 34.62% and 25.33% of variations in the level of EB risk management pertaining to Principle 7 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). The results imply that the foreign banks have put in place more authorization control mechanisms within EB systems. Principle 8: Clear audit trails regarding EB transactions. The results revealed the CV of 42.81 and 26.50 for local banks and foreign banks respectively (thus accounting for 42.81% and 26.50% of variations in the level of EB risk management pertaining to Principle 8 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). The results imply that the foreign banks have established more clear audit trails regarding EB 49 University of Ghana http://ugspace.ug.edu.gh transactions. This also means that the foreign banks adopt more measures to store and ensure that historical data transactions are difficult to be modified. Principle 9: Data integrity of EB transactions & information. The results revealed the CV of 29.23 and 16.27 for local banks and foreign banks respectively (thus accounting for 29.23% and 16.27% of variations in the level of EB risk management pertaining to Principle 9 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). The results imply that the foreign banks have established more clear audit trails regarding EB transactions. This also means that the foreign bank data protection integrity regime for EB transactions, records and information sharing is more advanced and also meet best management practices. Principle 10: Confidentiality of key EB information. The results revealed the CV of 26.77 and 14.25 for local banks and foreign banks respectively (thus accounting for 26.77% and 14.25% of variations in the level of EB risk management pertaining to Principle 10 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). The results suggest that foreign banks in Ghana key information or data is more secured than that of the local banks, and only available to authorized and authenticated individuals. Principles 11 to 14: Legal and reputational risk management Principle 11: Appropriate disclosures for EB services. The results revealed the CV of 24.59 and 22.45 for local banks and foreign banks respectively (thus accounting for 24.59% and 22.45% of variations in the level of EB risk management pertaining to Principle 11 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). The results indicate that the foreign banks are leading in their attempt to minimize legal and reputational risks that come from disclosures relating to their EB activities. 50 University of Ghana http://ugspace.ug.edu.gh Principle 12: Privacy of customer information. The results revealed the CV of 22.37 and 25.74 for local banks and foreign banks respectively (thus accounting for 22.37% and 25.74% of variations in the level of EB risk management pertaining to Principle 12 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). The results imply that the local banks are more efficient in managing privacy of customer information, as indicated by the responses. Principle 13: Existence of effective capacity, business continuity and contingency planning process. The results revealed the CV of 28.35 and 16.40 for local banks and foreign banks respectively (thus accounting for 28.35% and 16.40% of variations in the level of EB risk management pertaining to Principle 13 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). This implies that foreign banks have in place a more effective capacity, business continuity and contingency planning process. Thus foreign banks have more effective planning processes which promote EB risk management systems and services. Principle 14: Incident response planning. The results revealed the CV of 31.71 and 18.18 for local banks and foreign banks respectively (thus accounting for 31.71% and 18.18% of variations in the level of EB risk management pertaining to Principle 14 respectively (see: Table 4.5 and Table 4.6 on the descriptive statistics). Thus, it can be concluded that the foreign banks are more prepared for unexpected attacks on their EB systems than the local banks. 51 University of Ghana http://ugspace.ug.edu.gh 4.6 Discussion of findings This study sought to compare EB risk management practices among some selected local and foreign banks in Ghana. The study focused on achieving three (3) specific objectives; to identify the risks involved in EB among the selected banks, to examine how such risks affect the banks, and also to ascertain how EB risks are managed by these banks based on the 14 principles of the Basel Committee. In the first objective, the study identified certain EB risks encountered by local banks and foreign banks in Ghana. It was revealed that although both local and foreign banks encounter EB risks in terms of fraud, lack of information security, network failures, legal and security issues, as well as less operational reliability, the study found that local banks encounter more EB risks in terms of the system having the chance of fraud, lacking information security; the system facing network failures, as well as the system having many legal and security issues. The foreign banks on the other hand encounter more EB risks in terms of the system having the chance of fraud, as well as the system lacking information security. In line with the second objective, the results revealed some major EB risks and their effect on selected local and foreign banks in Ghana. These include: Operational, Reputational, Legal and Strategic Risks. The results from the local banks revealed that the banks are mainly affected by Reputational, Legal and Operational Risks. Operational Risk was found to occur mainly due to security threats in the operations of the banks; Again, it was revealed that the banks were exposed to Legal Risk, that is; risk associated to the loss of capital or earnings which results from non-conformance or violation of prescribed laws and regulations. It was revealed that the banks are also much exposed to legal risk due to the rapid changing nature of EB technology, the numerous mistakes that could be replicated, in addition to frequent regulatory changes. The interviewees indicated that this type of risk has dire consequences on their operations in the form of; monetary fines, suspension of operations, as well as damage to their reputation. Furthermore, Reputational Risks, that is, the risks incurred due to certain factors such as fraud 52 University of Ghana http://ugspace.ug.edu.gh and security breaches. The interviewees indicated that when such incidences occur the banks reputation is affected and lead to loss of trust by customers. With respect to the foreign banks, the results revealed that these banks are mainly affected by Reputational, Legal, Strategic and Operational Risks. Reputational Risks, that is, the risks incurred due to certain factors such as fraud and security breaches. The interviewees indicated that when such incidences occur the banks reputation is affected and lead to loss of trust in the bank. Operational Risk is found to occur mainly due to security threats in the operations of the banks; Again, it was revealed that the banks were exposed to Legal Risk, that is; risk associated to the loss of capital or earnings which results from non-conformance or violation of prescribed laws and regulations. It was revealed that the banks are also much exposed to legal risk due to the rapid changing nature of EB technology, the numerous mistakes that could be replicated, in addition to frequent regulatory changes. The interviewees indicated that this type of risk has dire consequences on their operations in the form of; monetary fines, suspension of operations, as well as damage to their reputation. Furthermore, the results revealed the banks’ exposure to Strategic risk, occurring from occasional inappropriate management decisions, and the implementation of those decisions. Thus in comparing how both local and foreign banks are affected by the EB risks, the study found some major EB risks which affect the local banks to include; Reputational, Legal and Operational Risks. On the contrary, the study found some major EB risks which affect the foreign banks to include; Operational, Legal, Reputational, and Strategic Risks. In line with the third objective, the researcher sought to ascertain how EB risks are being managed by the local and foreign banks based on the 14 principles of Basel Committee. Comparisons were made to discover which of the banks; local and foreign banks comply most in accordance with the 14 principles of Basel Committee. 53 University of Ghana http://ugspace.ug.edu.gh With regards to Principle 1 to 3 under Board and Management Oversight, the results revealed that the board and Management of both the local and foreign banks have demonstrated a high level of efficacy in their oversight roles in managing EB risks. Nonetheless the Board and management oversight roles of the local banks pertaining to EB risk management were more prominent as compared to those of the foreign banks. With regards to Principle 4 to 10 under Security Controls, the results revealed that although both the local and foreign banks have put in security measures in the areas of; authenticating the identity of customers during transactions; segregation of duties in EB systems; authorization controls as well as access privileges for EB systems and applications; audit trails for EB transactions; protection of data integrity of EB transactions and information; and confidentiality of key EB information to manage EB risks, the security controls being implemented by the foreign banks are more effective in comparison with the local banks. Regarding Principle 11 to 14 under Legal and Reputational Risk Management, the results revealed that although both the local and foreign banks have put in appropriate measures to manage legal and reputational risk, the legal and reputational risk management being implemented by the foreign banks were more effective in comparison with the local banks. 54 University of Ghana http://ugspace.ug.edu.gh CHAPTER FIVE SUMMARY, CONCLUSION AND RECOMMENDATIONS 5.1 Introduction While the preceding chapter presented and discussed the study’s findings, this chapter presents the summary of key findings and conclusion. Furthermore, recommendations are provided in addition to suggestion for further research. 5.2 Summary of key findings This study sought to compare EB risk management practices among local and foreign banks in Ghana. The study focused on achieving three (3) specific objectives; to identify the risks involved in EB among local and foreign banks in Ghana, to examine how such risks affect the selected banks, and also to ascertain how EB risks are managed by the banks based on the 14 principles of the Basel Committee. The study employed the mixed-method approach, with the adoption of quantitative and qualitative approaches for data collection and analysis. The purposive method was utilized in selecting eighty (80) respondents made up of Operations Managers, Risk Management Officers and other staff involved in EB activities from the selected banks. Furthermore, four (4) EB Senior Managers, were purposively sampled for interviews. With the aid of the Statistical Package for Social Sciences (SPSS Version 25), descriptive statistics were utilized to analyze the collected data. Descriptive statistical tools namely; frequency and percentage, were useful in assessing the demographic information of respondents (gender, age, education and job tenure), whereas means scores, variance, standard deviations and coefficient of variation were used to analyze the various EB risks, as well as compliance of banks to the 14 risk management principles of the Basel Committee. On the other hand, analysis of qualitative data through 55 University of Ghana http://ugspace.ug.edu.gh interviews conducted was done manually to determine the themes in the interview text. The methodology employed helped in identifying the following key findings: In line with objective one, the study found that local banks encounter more EB risks in terms of the system lacking information security; the system facing network failures, as well as the system having many legal and security issues. The foreign banks on the other hand encounter more EB risks in terms of the system having the chance of fraud, as well as the system lacking information security. The study findings affirmed the study findings of Nwogu and Odoh (2015) ,who revealed that the banking industry, following the introduction of EB has been more exposed to greater challenges in terms of operational, security, reputational, legal and strategic risks which if not managed effectively will result to financial losses as well as decrease in consumer confidence. The statistics summarized was presented in Table 4.3 and 4.4. In line with the second objective, the results revealed some major EB risks and their effect on banks in Ghana. These include: Operational, Reputational, Legal and Strategic Risks. For the local banks, the results reveled that they mostly encounter Reputational, Legal and Operational Risks. On the contrary, the study found some major EB risks which affect the foreign banks to include; Operational, Legal, Reputational, and Strategic Risks. These results thus confirmed the studies of scholars such as Kondabagil (2007), Sokolov (2007) and Nwogu and Odoh (2015), who revealed that the banking industry following the introduction of EB has been more exposed to greater challenges in terms of operational, legal, strategic and reputational risks which if not managed effectively will result to financial losses as well as decrease in consumer confidence. With regards to the third objective, it was found that both local and foreign banks in Ghana have demonstrated a high level of efficacy in managing EB risks, based on the 14 Principles. Nonetheless the risk management roles of the foreign banks pertaining to EB risk management 56 University of Ghana http://ugspace.ug.edu.gh were more prominent than those of the local banks. The statistics summarized was presented in Tables 4.5 and 4.6. 5.3 Conclusion Advancement in ICT in modern times have caused many banks, both local and international towards adopting EB. According to Brady, Saren, and Tzokas (2002), the adoption of advanced technology via the use of internet, mobile phones, computers, ATMs, etc has played a vital role in revolutionizing the banking sector. The emergence of EB has become very dominant in performing financial transactions, providing financial benefits, and at the same time serving as a very powerful tool for promoting competition between banks (Zarei, 2011). The evidence gathered in the study showed the following conclusions: i. That both local and foreign banks in Ghana have demonstrated a high level of efficacy in managing EB risks based on the 14 Principles. Nonetheless, the risk management roles by the foreign banks pertaining to EB were more prominent than the local banks. ii. The risk management practices of the foreign banks were more effective than the local banks. Despite this, the several reported cases of the failure of EB systems in some foreign banks indicate that more needs to be done. iii. That security poses a major threat to the delivery and adoption of EB products/services. This was made evident by both the local and foreign banks. iv. That both local and foreign banks are exposed to Operational, Legal and Reputational Risks. 57 University of Ghana http://ugspace.ug.edu.gh 5.4 Recommendations In line with the study findings, the study recommends the following: i. Local banks should undertake suitable steps to promote adequate segregation of roles in the EB databases and applications system. In so doing, technical staff should be equipped to operate in a good and comfortable workspace to minimize challenges. ii. Local banks should adopt effective transaction authentication applications like alert messaging text or mails for every business deal verification. iii. Local banks should also resort to automated day-to-day reports generation and inaugurating effective communication and report sharing regimes with their customers iv. There should also be other ways whereby the banks could undertake optimum and careful control mechanisms to prevent clients from altering their status, thereby allowing access to EB systems which otherwise is not expected. Thus, the database system should be configured with real-time update function and a consistency of internet connectivity to avoid any challenge. v. The need for downloading and installing internet banking applications, for instance must be approved to registered users only. vi. Effective incident response systems should be adopted, essential to help minimize operational and legal risks that might occur. vii. Finally, the RFID technology is recommended to be adopted for the development of EB in Ghana. 5.5 Suggestions for further study In future, it is suggested that more studies be conducted in the area of EB Risk Management practices since the identification of EB risks, and the provision of relevant recommendations to manage EB risks would lead to a better service delivery, and encourage more customers to patronize EB services. 58 University of Ghana http://ugspace.ug.edu.gh REFERENCES Abasinezhad, H. (2011). Electronic Banking. Iran-Tehran. SAMT publishing, printing, 3, 20. Abdou, H., English, J., & Adewunmi, P. (2014). An investigation of risk management practices in electronic banking: the case of the UK banks. Banks and Bank Systems, 9(3). Abdou, H., Hadjiantoni, H., & Derwin, G. (2015). E-banking and risk management: evidence from the Cypriot public sector banks. Banks and Bank Systems, 10(3), 17-27. Abdou, H., Muslem, O. & Ismal, R. (2014). Risk Management Practices in the Republic of Yemen: Are Islamic banks different?. Journal of Islamic Economics, Banking and Finance, 10 (3),46-73. Abor, J. (2004). Technological Innovations and Banking in Ghana: An evaluation of customers’ perceptions. Accra: University of Ghana, Legon. Abor, J. (2005). Technological innovations and banking in Ghana: an evaluation of customers' perceptions. IFE Psychologia. An International Journal, 13(1), 170-187. Abou, A. A., & Hasani, M. R. (2008). An Investigation about Risk and its Management Approaches In Iran Interest Free Banking System. Adams, N. A., & Odartey Lamptey, A. (2009). Customer perceived value in internet banking in Ghana. Master’s thesis, Lulea University of Technology: Sweden. AL-Rawashdeh, B. S., Abu-Errub, A. M., Areiqat, A. Y., & Dbbaghieh, M. (2012). Information Technology Role in Reducing E-Banking Services Risk in Jordanian Banking Sector. Journal of Computer Science ,8 (3),374-381. Alshibly, H. H. (2011). An extended Tam Model to evaluate user's acceptance of electronic cheque clearing systems at Jordanian Commercial Banks. Australian Journal of Basic and Applied Sciences, 5(5), 147-156. Anghelache, G-V., Cozmanca, B-O., Handoreanu, C-A., Obreja, C., Olteanu, A-C. & Radu, A-N. (2011). Operational risk- an assessment at international level. International Journal of mathematical Models and Methods in Applied Sciences, 1(5),184-192. 59 University of Ghana http://ugspace.ug.edu.gh Ayrga, A. (2011). Is Mauritius Ready to E-Bank? From A Customer and Banking Perspective. Journal of Internet Banking and Commerce, 16(1). Balachandler, K. G., Santha, V., Norhazlin, I., & Rajendra, P. (2001). Electronic banking in Malaysia: Evolution of services and consumer reaction. Bank for International Settlement. (2003). Basel Committee on Banking Supervision Risk Management Principles for Electronic Banking. Retrieved November 25, 2010, from http://www.bis.org/publ/bcbs98.htm. Barnett, R., Coleman, J., Shezaf, O., Grossman, J., & Auger, R. (2009). Web hacking incident database. Barreiro, P., L., &Albandoz, J. P.(2001). Population and sample. Sampling techniques. Management mathematics for European schools, 6. Bank for International Settlement. (2003). Basel Committee on Banking Supervision Risk Management Principles for Electronic Banking. Retrieved November 25, 2010, from http://www.bis.org/publ/bcbs98.htm. Basel Committee on Banking Supervision. (2006). International Convergence of Capital Measurement and Capital Standards: A Revised Framework Comprehensive Version. Switzerland: Bank for International Settlements. Retrieved January 6, 2009, from http://www.bis.org/publ/bcbs128.pdf. Basel Committee on Banking Supervision. (2009). Enhancements to the Basel II Framework. Switzerland: Bank for International Settlements. Retrieved January 5, 2012, from http://www.bis.org/publ/bcbs157.pdf. Basel Committee on Banking Supervision. (2011). Principles for the Sound Management of Operational Risk – final document. Switzerland: Bank for International Settlements. Retrieved from http://www.bis.org/publ/bcbs195.pdf. Bonsón E., Escobar, T., & Flores, F. (2008) Operational Risk Measurement in Banking Institutions and Investment Firms: New European Evidences. Financial Markets, Institutions and Instruments, 17(4), 287-307. 60 University of Ghana http://ugspace.ug.edu.gh Brady, M., Saren, M., & Tzokas, N. (2002). Integrating information technology into marketing practice - the IT reality of contemporary marketing practice. Journal of Marketing Management, 18(5-6), 555-577. Bryman, A. & Bell, E. (2015). Business Research Methods. (4th Ed.).Oxford University Press, USA. ISBN: 978-0-19-966864-9; p.347. Retrieved February 16, 2016, from http://www.books.google.com. Cheng, T. E., Lam, D. Y., & Yeung, A. C. (2006). Adoption of internet banking: an empirical study in Hong Kong. Decision support systems, 42(3), 1558-1572. Chovanová, A. (2006). Forms of electronic banking. BIATEC, 14(6), 22-25. Christopher, G., Mike, C., Visit, L., & Amy, W. (2006). A Logit Analysis of Electronic Banking in New–Zealand. International Journal of Bank Marketing, 24(1), 360-383. Clarke, R. (2001). Innovation diffusion resources. Open Site. Retrieved September 25, 2005, http://www. anu. edu. au/people/Roger. Clarke/SOS/InnDiffISW. html. Creswell,J.,W.(2012). Educational research. Planning, conducting, and evaluating quantitative and qualitative research. University of Nebraska, Lincoln. Creswell, J. W., & Plano Clark, V. L. (2011). Designing and Conducting Mixed Methods Research (2nd Ed.). Thousand Oaks, CA: Sage Publications. Crosland, M. NCR Corporation. (2010). Consumer behaviour drives innovation in ATM Technology. Retrieved from http://www.atmmarketplace.com. Daniel, E. (1999). Provision of electronic banking in the UK and the Republic of Ireland. International Journal of bank marketing, 17(2), 72-83. Davis, F. D., Bagozzi, R. P., & Warshaw, P. R. (1989). User acceptance of computer technology: a comparison of two theoretical models. Management science, 35(8), 982- 1003. Federal Deposit Insurance Corporation. (2007). Retrieved from http://www.fdic.gov/regulations/examinations/trustmanual/section_2/fdic_section_2 -internal_controls_and_auditing. html . 61 University of Ghana http://ugspace.ug.edu.gh Federal Financial Institutions Examination Council (2003). FFIEC IT examination handbook on E-Banking EB, Federal Register Ed. Vol. 67, No. 237. Federal Trade Commission. (2006). FTC Facts for Consumers. Washington DC: Federal Trade Commission. Financial Fraud Action UK,. (2011). Fraud The Facts: The Definitive Overview of Payment Industry Fraud and Measures to Prevent It [online]. London: Financial Fraud Action UK. Available from: http://www.financialfraudaction.org.uk/Publications/#/1/. Florina, V., Liliana, M., & Viorica, I. (2008). Risk Management of E-banking Activities. Available at http://steconomice.uoradea.ro/anale/volume/2008/v3-finances-banks- accountancy/160.pdf. Accessed on 04/02/10. Georgescu, M. (2006). Some issues about risk management for e-banking. Available at SSRN 903419. Giannakoudi, S. (1999). Internet banking: the digital voyage of banking and money in cyberspace. Information and Communications Technology Law, 8(3), 205-243. Gup, B., & Kolari, J. (2005). Commercial banks. (3rd Ed).United States: John Wiley & Sons. Hair, Jr J.F., Money, A.H., Samuel, P., & Page, M. (2012). Research methods for business. John Wiley and Sons Ltd. Chichester, UK. Hong Kong Monetary Authority. (2015). Risk Management of E-banking, Supervisory Policy Manual, TM-E1. Retrieved from http://www.hkma.gov.hk/media/eng/doc/key- functions/banking-stability/supervisory-policymanual/TM-E-1.pdf Hubbard, D. W. (2010) How to Measure Anything: Finding the Value of “Intangibles” in Business. 2nd edn., New Jersey: John Wiley & Sons, Inc. Ihejiahi, R. (2009). How to fight ATM fraud online. Nigeria Daily News, 21. Imala, O. I. (2002). Electronic Commerce and Telecommunications in Nigeria: Bank Regulator Perspective.Paper presented at the International Conference on Electronic Commerce and Telecommunications in Nigeria, Lagos, 23rd September. 62 University of Ghana http://ugspace.ug.edu.gh International Organization for Standardization (2011). ISO / IEC 27005. Information Technology - Security Techniques - Information Security Risk Management. Geneva: International Organization for Standardization. Internet Banking Handbook. (2001). Federal Reserve Board of Chicago’s Office of the Comptroller of the Currency (OCC). Jehangir, M., Zahid, M., Jan, S., & Khan, A. (2016). Benefits and Risks of Electronic Banking in the Context of Customer Satisfaction. Journal of Applied Environmental and Biological Sciences, J. Appl. Environ. Biol. Sci., 6(3)112-117. Jen, N. & Michael, W. (2006). Journal of Electronic Commerce Research,7(2). Karjaluoto, H., Mattila, M., & Pento, T. (2002). Factors underlying attitude formation towards online banking in Finland. International Journal of Bank Marketing, 20 (6), 261-271. Khan, A. R. & Karim, M. (1997). E-banking and Extended Risks, How to deal with challenge?. Retrieved from http://www. ru.ac.bd/finance/images/stories/working_ papers/ebanking-edited.pdf. Kolodinsky, J. M., Hogarth, J. M., & Hilgert, M .A. (2004).The adoption of electronic banking technologies by U.S consumers. The International Journal of Bank Marketing. 22(4), 238-259. Kondabagil, J. (2007). Risk management in electronic banking: Concepts and best practices (Vol. 454). John Wiley & Sons. Laura, A. (2014). The Importance of E-banking in Business. Demand Media. Leow, H. B. (1999). New distribution channels in banking services. Banker’s Journal Malaysia, 110, 48-56. Mihalcescu, C., Ciolacu, B., Pavel, F., & Titrade, C. (2008). Risk and Innovation in e- Banking. Romanian economic and business review, 3(2), 86. MollaZade.(2010). Study of Effective Factors at the E-banking Operational Risk in the MaskanBank. The Master of Business Administration, Islamic Azad University, Kermanshah Branch, Iran. 63 University of Ghana http://ugspace.ug.edu.gh Money and Bank Research Center (MBRC). (1999). Electronic Banking and Its Strategies in Iran. Winter. Center Bank of Iran (text Persian of ISC). Money and Bank Research Center (MBRC). (2005). Electronic Banking and Its Administrative Requirements in Comparison of Operational Costs of Different Banking Services, Spring. Center Bank of Iran (Text Persian of ISC). Nwogu, E. & Odoh, M. (2015). Security Issues Analysis on Online Banking Implementations in Nigeria, International Journal of Computer Science and Telecommunications, 6 (1),20-27. Nzevela, A. K. (2015). The Effect of Internet Banking Risk Management Strategies on Financial Performance of Commercial (Doctoral Dissertation, School of Business). University of Nairobi. Palinkas, L. A., Horwitz, S. M., Green, C. A., Wisdom, J. P., Duan, N. & Hoagwood, K. (2015). Purposeful sampling for qualitative data collection and analysis in mixed method implementation research. Administration and policy in mental health and mental health services research, 42(5); 432: 533-544. Pennathur, K, A. (2001) “Clicks and Bricks” e-risk Mananagement for banks in the age of the internet, journal of banking & finance 25, 2103-2123. Polatoglu, V. N., & Ekin, S. (2001). An empirical investigation of the Turkish consumers' acceptance of internet banking services. International Journal of Bank Marketing, 19(4), 156-65. Ramakrishnan, G. (2001). Risk management for internet banking. Information Systems Control Journal, 6, 48-51. Rogers, E. M. (1995). Diffusion of Innovations: modifications of a model for telecommunications. In Die diffusion von innovationen in der telekommunikation (pp. 25- 38). Springer, Berlin, Heidelberg. Rose, P. S. (1999). Commercial Bank Management.(4th Ed.).Irwin/McGraw- Hill:Boston, USA. 64 University of Ghana http://ugspace.ug.edu.gh Sathye, M. (1999). Adoption of internet banking by Australian consumers: an empirical investigation. International Journal of Bank Marketing, 17 (7), 324-334. Schutt, R.K. (2011). Investigating the social world: The process and practice of research. Pine Forge Press. Sevcik, P. (2004). Innovation diffusion. Business Communication Review, 34(9), 8-11. Shirazi, S. H. (2003). Risk Profile in E-banking.The Pakistan Accountant. Singhal, D., & Padhmanabhan, V. (2008). A study on customer perception towards internet banking: Identifying major contributing factors. Journal of Nepalese business studies, 5(1), 101-111. Sokolov, D. (2007). E-banking: risk management practices of the Estonian banks. Institute of Economics at Tallinn University of Technology, 101. Stamoulis, D., Kanellis, P., & Martakos, D. (2002). An approach and model for assessing the business value of e-banking distribution channels: evaluation as communication. International Journal of Information Management, 22(4), 247-261. Talbot, L. (Ed.). (1995). Principles and practice of nursing research. St. Louis, MO : Mosby Incorporated. Thulani, D., Tofara, C & Langton, R. (2009). Adoption and Use of Internet Banking in Zimbabwe: An Exploratory Study. Journal of Internet Banking and Commerce, Vol. 14(1). Titrade, C., Ciolacu, P., & Pavel, F. (2008). E-banking--Impact, Risks, Security. The Annals of the University of Oradea Economic Sciences, 17(1), 1537-1542. Trenca, I., Silivestru, H., & Paun, D. (2010). New Trends Concerning Operational Risc In E- Banking. Analele Stiintifice ale Universitatii" Alexandru Ioan Cuza" din Iasi-Stiinte Economice, 171-180. UK Payments Administration. (2011). Fraud Losses Drop on UK Cards, Cheques and Online Banking [online]. UK Payments Administration Press Releases. Retrieved from: http://www.ukpayments.org.uk/media_centre/press_releases/-/page/1324/. 65 University of Ghana http://ugspace.ug.edu.gh Zarei, S. (2011). Risk management of internet banking. In Recent Researches in Artificial Intelligence. 10th WSEAS International conference on Artificial Intelligence, Knowledge Engineering and Data Bases (AIKED 11), Cambridge, UK. 66 University of Ghana http://ugspace.ug.edu.gh 67 University of Ghana http://ugspace.ug.edu.gh APPENDIX 1: STAFF QUESTIONNAIRE UNIVERSITY OF GHANA BUSINESS SCHOOL DEPARTMENT OF FINANCE Dear Respondent, Thank you in advance for completing this question for my research. I am a student of the University of Ghana Business School currently conducting a study on “Managing the Risk of Electronic Banking: A comparative Study of Local and Foreign Banks in Ghana”. The study is purely an academic exercise, therefore any information given would be treated with utmost confidentiality. It is against these backdrops, therefore that your input is very important to make this study a success. Thank you. PART 1: Demographic information INSTRUCTION: Please answer by ticking (√) in the box beside your choice and specify where necessary. 1. Sex: a. Male b. Female 2. Age(years): a. Less than 29 years b. 30 – 39 years c. 40 – 49 years d. 50 years and above 68 University of Ghana http://ugspace.ug.edu.gh 3. What is the highest level of education? Please select the most appropriate. a. Post Graduate Degree b. Graduate Degree c. HND d. Other, please specify…………………………………………… 4. Marital status: a. Single b. Married c. Divorced d. Widowed e. Separated 5. Is your bank a local or foreign bank? a. Local b. Foreign 6. Years of work experience in the banking field a. Less than 2 years b. 2 to 5 years c. 5 to 10 years d. 10 years 7. Please specify your position: a. Operation Manager b. EB Risk Management Officer c. Other, please specify…………………………………………… 8. Does your bank offer electronic banking service(s)? a. Yes b. No 69 University of Ghana http://ugspace.ug.edu.gh PART 2: Identifying risks associated with electronic banking among local and foreign banks in Ghana. 9. Using the scale; 1 = Strongly Disagree (SD); 2 = Disagree (D); 3 = Neutral (N); 4 = Agree (A); and 5 = Strongly Agree (SA), kindly indicate your level of agreement with each of the statements in terms of the risks associated with electronic banking. Scale No. Risks associated with Electronic Banking 1 2 3 4 5 Q1. Electronic banking has the chance of fraud. Q2. Electronic banking lacks information security. Q3. Electronic banking is faced with networks failures. Q4. Electronic banking has many legal and security issues. Q5. Electronic banking has less operational reliability. PART 3: Risk management of electronic banking based on the fourteen (14) principles of basel committee. Using the scale; 1 = Strongly Disagree (SD); 2 = Disagree (D); 3 = Neutral (N); 4 = Agree (A); and 5 = Strongly Agree (SA), kindly state your level of agreement with the following statements in terms of how your bank comply to these principles. Statement Scale No. A. Board and management oversight (Principles 1 to 3) 1 2 3 4 5 Q1. The Board of Directors and Senior Managers has established effective Management Oversight over the risks associated with E-banking activities, including the establishment of specific policies and controls to manage these risks. Q2. The Board of Directors and Senior Managers have reviewed and approved the key aspects of the bank’s security control process. Q3. The Board of Directors and Senior Management have established a comprehensive and ongoing due diligence and oversight process for 70 University of Ghana http://ugspace.ug.edu.gh managing the bank's outsourcing relationships and other third-party dependencies supporting E-banking. B. Security controls (Principles 4 to 10) Q4. The Bank takes appropriate measures to authenticate the identity and authorization of customers with whom it conducts business with. Q5. The Bank uses transaction authentication methods that promote non- repudiation and establish accountability for E-banking transactions. Q6. The Bank ensures that appropriate measures are in place to promote adequate segregation of duties within e-banking systems. Q7. The Bank ensures that proper authorization controls and access privileges are in place for E-banking systems, databases and applications. Q8. There are clear audit trails for all E-banking transactions. Q9. The Bank ensures that appropriate measures are in place to protect the data integrity of E - banking transactions, records and information. Q10. The Bank takes appropriate measures to preserve the confidentiality of key E-banking information. Legal and reputational risk management (Principles 11 to 14) Q11. The Bank ensures that adequate information is provided on their websites to allow potential customers to make an informed conclusion about their E-banking services. Q12. The Bank takes appropriate measures to ensure adherence to customer privacy requirements. Q13. The Banks has an effective capacity, business continuity and contingency planning process to help ensure the availability of E- banking services. Q14. The Bank has a developed appropriate incident response plan to manage, contain and minimize problems arising from unexpected events including internal and external attacks. Thank you for your time. 71 University of Ghana http://ugspace.ug.edu.gh APPENDIX 2:INTERVIEW GUIDE FOR STAFF UNIVERSITY OF GHANA BUSINESS SCHOOL DEPARTMENT OF FINANCE Dear Respondent, Thank you in advance for completing this question for my research. I am a student of the University of Ghana Business School currently conducting a study on “Managing the Risk of Electronic Banking: A comparative Study of Local and Foreign Banks in Ghana”. The study is purely an academic exercise, therefore any information given would be treated with utmost confidentiality. It is against these backdrops, therefore that your input is very important to make this study a success. Thank you. PART 1: Demographic information INSTRUCTION: Please answer by ticking (√) in the box beside your choice and specify or write where necessary. 1. Sex: a. Male b. Female 2. Age(years): a. Less than 29 years b. 30 – 39 years c. 40 – 49 years d. 50 years and above 72 University of Ghana http://ugspace.ug.edu.gh 3. What is the highest level of education? Please select the most appropriate. a. Post Graduate Degree b. Graduate Degree c. HND d. Other, please specify…………………………………………… 4. Marital status: a. Single b. Married c. Divorced d. Widowed e. Separated 5. Is your bank a local or foreign bank? a. Local b. Foreign 6. Years of work experience in the banking field a. Less than 2 years b. 2 to 5 years c. 5 to 10 years d. 10 years 7. Please specify your position: a. Operation Manager b. EB Risk Management Officer c. Other, please specify…………………………………………… 8. Position of interviewee…………………………………………… 73 University of Ghana http://ugspace.ug.edu.gh SECTION B: Examing the effects of electronic banking risks on banks. 1. How often is your bank E- banking channels tested against common techniques fraudsters use to break into the bank’s server by misleading application? 2. What procedures are implemented to verify the accuracy and content of websites information and links to other websites or interactive programs available to customers? 3. How does the bank mitigate the various risks associated with electronic banking? 4. How does E- banking risk affect the banks based on the following? i. Operational ii. Legal iii. Reputational iv. Strategic Thank you for your time. 74