我国商业银行信息科技风险监管研究
|
摘要
现代科学技术的迅猛发展,深刻影响和改变着现代金融业的发展和运行模式。尤其是,现代商业银行对信息技术高度依赖,从业务电子化到管理信息化,从数据大集中到信息集成系统,从前端营业柜台直至战略管理层,信息科技几乎渗透到商业银行的方方面面,已经成为现代商业银行正常经营运转的基础设施,极大地提高了商业银行的经营效率,是商业银行核心竞争力的重要构成要素。但是伴随着银行信息化程度的不断提高,伴随信息科技与银行业务融合度越来越高,信息科技风险事件频繁发生。据BIS统计(2002,2003a),商业银行90%以上的金融风险事件都与信息科技间接相关,50%以上的已经报告的损失事件与信息科技间接相关。
从商业银行经营管理来看,现代银行业机构信息技术架构庞大、设施复杂、所涉及的内容繁多,综合了应用系统、操作系统、网络、数据库、软件、硬件等技术以及管理等方面内容,其中任何缺陷及不可抗力因素都会影响商业银行的正常运行;从商业银行外部监管来看,信息科技的安全性、可靠性和有效性直接关系商业银行的安全稳健运行,同时可能引发系统性风险,导致金融体系无法正常运转,甚至危及一国金融经济稳定。因此,目前商业银行信息科技风险已经成为全世界各国金融监管部门关注的焦点。
在我国,当前商业银行信息科技化建设正处于高速发展时期,较之于传统的银行风险及其监管,国内对商业银行信息科技风险监管的认识较少,理论研究也不够,实践中对于商业银行信息科技风险的管理和监管均较为滞后。在此背景下,笔者作为一名监管从业者试图吸收借鉴国际现行重要准则,对商业银行信息科技风险监管进行系统的理论分析,同时结合其核心要素和重点内容进行专门研究,以期提升对商业银行信息科技风险的理论认识,同时推动我国商业银行监管机构的监管实践更加科学高效。
论文第一部分为基础理论分析。首先从经济学视角结合商业银行信息化理论,对于商业银行信息科技应用进行理论研究。分析发现信息科技有效降低了商业银行的运营成本,推动商业银行信息生产功能和风险管理功能的完善和扩展,并成为商业银行维护客户关系的重要手段。分析表明信息科技已构成商业银行正常运转的基础设施,是其内在组成的一部分,改变和延伸了商业银行的职能。基于这个前提,论文分析了商业银行信息科技风险的内涵和外延,指出其内在的运行机理、特征。其次,论文进一步从信息科技风险对传统金融理论,如金融市场失灵理论、金融脆弱性理论、消费者保护理论和巴塞尔全面风险监管理论带来的冲击及其新的表现形式和要求,论证了信息科技风险监管的理论根源及其外在的要求。
基础理论分析表明,信息科技风险放大了商业银行的外部性效应和金融脆弱性,加大了内部信息不对称,扩展了消费者保护的内涵和外延,对传统金融监管理论和实践提出了挑战。因此,对信息科技风险的监管,必须借鉴国际经验构建具有指导性的监管标准,对信息科技风险进行科学计量,构建全面风险评级体系评价商业银行的信息科技风险管理能力,并对信息科技风险重要领域进行专项研究。
论文第二部分分别从国际监管标准和国际监管实践两个角度回答信息科技风险“需要什么样的监管”这一问题。结合国际公认的操作指引,如COBIT信息科技管理标准和巴塞尔操作风险管理指导原则,提出了专门的信息科技风险管理指导原则;并对国外发达国家和新兴市场经济国家的信息科技风险监管进行了国际比较和经验借鉴研究从监管理念、组织架构、监管手段和法律法规制度环境等诸方面,形成了完整系统的国际实践比较研究。第三部分旨在解决“如何监管”的问题,论文对信息科技风险计量、信息科技风险监管评级体系及信息科技风险监管的两个重点领域问题进行研究。
信息科技风险计量问题一直以来各国金融监管当局面临的重大监管难题。鉴于巴塞尔新资本协议将信息科技风险纳入操作风险进行管理,论文首先借鉴巴塞尔新资本协议操作风险计量方法,对信息科技风险计量进行了初步探讨其次对信息科技风险中的信息安全风险的VaR计量方法进行了研究,构建了完整的计量方法和评估案例,这为监管资本的计提以及实际监管措施实施提供了依据。
在信息科技风险评级方面,论文对国际通行的URSIT评级标准进行了研究,并以此为基础构建了我国商业银行信息科技风险监管评级体系。其特点在于:首先,评级指标的选择主要依据2009年银监会公布的《商业银行信息科技风险监管指引》,既满足合规性要求,同时又宜于操作,便于监管机构的采用;其次,对所有指标都设计了检查问题,并汇总设计了检查评分表,使监管机构可以通过检查方式对商业银行进行打分评价;第三,笔者通过调研和座谈的方法,邀请了监管机构与商业银行内部专家参与,科学合理地确定了各类指标的权重,从而使评级体系更具操作性。
在银行IT外包监管方面,论文首先从理论上分析了商业银行IT外包理论,考察其内在的形成机理及风险来源;其次,系统考察了国际发达国家的外包监管实践,比较分析;最后,根据我国当前商业银行IT外包监管中存在的问题,如过分强调银行的风险管理职责、未将信息技术服务商作为直接监管对象的现状,分析研究提出“从银行监管到服务商监管”的理念,这也是我国商业银行IT外包监管的主要方向,同时提出了国内服务商监管的监管标准。
在业务连续性监管方面,论文首先运用商业银行业务连续性理论对于这一问题的起源、内涵与标准进行研究分析。其次,对商业银行业务连续性监管的核心问题,即商业银行BCP开发与演练进行专门研究。最后,结合对美国、新加坡、香港的监管实践的考察,论文提出了我国商业银行业务连续性监管检查标准。检查标准包括两个层面——管理层面的检查和技术层面的检查,在我国尚未出台专门的业务连续性监管指引的情况下对业务连续性监管工作具有一定参考价值。
论文最后结合我国商业银行信息科技风险监管现实,提出了完善我国商业银行信息科技风险监管的政策建议,涵盖了信息科技风险监管体系建设和信息科技风险重点领域监管两大方面,重点强调:第一,应将信息科技风险纳入银行全面风险监管范畴,对信息科技风险进行单独评级并最终将信息科技风险纳入监管资本要求;第二,以立法方式明确对IT外包技术服务商的监管权力,将外包监管的对象由银行延伸至服务商;第三,研究出台“业务连续性”专项监管指引,引导商业银行制定适应各自特点的业务连续性规划并开展应急演练;第四,通过建立信息技术实验室和加强对新技术的专题研究等方式,探索以更先进的技术手段来监管信息技术风险;第五,培养和储备信息科技监管专业人才,鼓励监管人员获取CISA和CISSP等专业资质。
The rapid development of modern technology has changed the roadmap and operation of financial industry. Information technology (IT) has been playing an increasingly important role in banking industry. From front desks to senior management, electronic banking to management information system, IT has become an integral part of infrastructure that sustains banks'operation and improves banks'efficiency greatly, and therefore turned into an key part of banks' core competitiveness. However, with the increasing application of IT system, IT risk events happen frequently. According to BIS statistics (2002,2003a), over 90% of risk events and over 50% of the reported loss events are related to information technology, respectively.
On the side of bank management, banks are characterized by their complex and complicated IT frameworks and equipments which integrate operational system, application system, database, intranet, and etc, and any deficiencies of them or force majeure may impact the sound operation of the whole bank. On the side of bank supervision, IT risk has been the supervisory focus for supervisors worldwide since IT is vital to banks'operation and deficiencies of it may cause systemic risks and negatively impact the financial and economic stability.
In China, IT infrastructure of banks is in the process of rapid development. Compared to traditional risk categories, the IT risk management and supervision lag behinds due to limited knowledge and less focus. Therefore, as a regulator, the author intends to make systemic analysis on IT risk supervision in light of international principles and conducts special research on its core areas, so as to enhance the theoretical research and the supervision of IT risks.
Part I of the thesis is basic theoretical analysis. Firstly, the thesis uses economics analytical methods to study IT application and finds out the application of IT makes contributions to operational costs reducing, information exchange and risk management improvement, and becomes am important tool for customer maintenance. Theoretical analysis also shows that IT has become an indispensable part of banks'infrastructure, changed and extended the functions of banks. Secondly, the thesis demonstrates the theoretical and practical basis of IT risk supervision by studying the impact of IT risk on traditional financial theories, such as the theory of Market Break Down、the theory of Financial Fragility and the theory of Consumer Protect.
Basic theoretical analysis indicates that IT risk magnifies the externalities and financial fragility of commercial banks, sharpens the internal information asymmetry and brings challenges for traditional financial supervisory theory and practice. Therefore, supervisory guidelines should be developed by drawing from international practices to measure IT risk, construct comprehensive risk rating system to assess IT risk management capacities of commercial banks and conduct special research on key areas of IT risk.
PartⅡprovides responses to the question of what kind of supervision is needed from the perspective of international supervisory standards and practices and work out principles for IT risk management at the basis of studying internationally accepted guidelines, such as COBIT and Basel principles for operational risk management. In addition, the thesis conducts a complete comparative analysis of international supervisory practices covering supervisory ideas, organizational structures, supervisory approaches and institutional settings.
PartⅢaims to address the problem of "how shall we supervise" and conducts research on IT risk measurement and supervision. IT risk measurement has always been a difficult problem for supervisors. The BaselⅢincorporates IT risk into operational risk. Drawing from BaselⅢ, the thesis makes analysis on IT risk measurement, studies the VaR for information safety risk within IT risk, and provides a complete measuring method and cases for study, and thus lays down basis for regulatory capital requirement for IT risk.
With regard to IT risk rating, drawing from international standard of URSIT, the thesis builds an IT rating system. Firstly, the rating indicators is in line with the Guidelines on IT risk supervision of commercial banks issued by the CBRC in 2009, and thus not only meet the compliance requirements, but are also convenient for regulators. Secondly, examination questions are designed for all indicators and a comprehensive score card is also designed, which enable supervisors to assess and assign rating to banks through examinations. Thirdly, the author assigns appropriate weighting to each indicators based on careful research and discussions with banks and supervisors.
With regard to the supervision of IT outsourcing, the thesis makes analysis of the sources of IT outsourcing risk and studies international practices on IT outsourcing supervision. As the current supervision focuses on bank risk management and do not cover IT service provider, the thesis suggests that extending supervision from banks to cover IT service provider is the and design the pattern and procedures on the supervision of IT service provider.
With regard to the supervision on business continuity, the thesis discusses the development and drill of business continuity plans of commercial banks and designs examination procedures of business continuity for commercial banks comprising procedures for management exanimation and technology, which is of some value in the absence of special guidelines on business continuity.
Finally, this thesis takes into account the current supervisory practice of IT risk and provides policy recommendations for enhancing IT risk supervision of the banking sector, which can be summarized as follows:1) IT risk should be integrated into the bank's overall risk management, be assessed and assigned rating separately and subject to regulatory capital requirement; 2) supervision should be extended to cover technical service providers by giving regulators legal authorities; 3) guidelines on business continuity should be made for guiding commercial banks to develop business continuity plans and conduct emergency drills; 4) more advanced techniques and instruments should be developed to supervise IT risk by establishing IT laboratories and strengthening research on new technology; 5) the specialist expertise for IT risk of regulatory authorities should be enhanced by cultivating and attracting IT risk experts and encouraging them to obtain professional qualifications such as CISA and CISSP.
从商业银行经营管理来看,现代银行业机构信息技术架构庞大、设施复杂、所涉及的内容繁多,综合了应用系统、操作系统、网络、数据库、软件、硬件等技术以及管理等方面内容,其中任何缺陷及不可抗力因素都会影响商业银行的正常运行;从商业银行外部监管来看,信息科技的安全性、可靠性和有效性直接关系商业银行的安全稳健运行,同时可能引发系统性风险,导致金融体系无法正常运转,甚至危及一国金融经济稳定。因此,目前商业银行信息科技风险已经成为全世界各国金融监管部门关注的焦点。
在我国,当前商业银行信息科技化建设正处于高速发展时期,较之于传统的银行风险及其监管,国内对商业银行信息科技风险监管的认识较少,理论研究也不够,实践中对于商业银行信息科技风险的管理和监管均较为滞后。在此背景下,笔者作为一名监管从业者试图吸收借鉴国际现行重要准则,对商业银行信息科技风险监管进行系统的理论分析,同时结合其核心要素和重点内容进行专门研究,以期提升对商业银行信息科技风险的理论认识,同时推动我国商业银行监管机构的监管实践更加科学高效。
论文第一部分为基础理论分析。首先从经济学视角结合商业银行信息化理论,对于商业银行信息科技应用进行理论研究。分析发现信息科技有效降低了商业银行的运营成本,推动商业银行信息生产功能和风险管理功能的完善和扩展,并成为商业银行维护客户关系的重要手段。分析表明信息科技已构成商业银行正常运转的基础设施,是其内在组成的一部分,改变和延伸了商业银行的职能。基于这个前提,论文分析了商业银行信息科技风险的内涵和外延,指出其内在的运行机理、特征。其次,论文进一步从信息科技风险对传统金融理论,如金融市场失灵理论、金融脆弱性理论、消费者保护理论和巴塞尔全面风险监管理论带来的冲击及其新的表现形式和要求,论证了信息科技风险监管的理论根源及其外在的要求。
基础理论分析表明,信息科技风险放大了商业银行的外部性效应和金融脆弱性,加大了内部信息不对称,扩展了消费者保护的内涵和外延,对传统金融监管理论和实践提出了挑战。因此,对信息科技风险的监管,必须借鉴国际经验构建具有指导性的监管标准,对信息科技风险进行科学计量,构建全面风险评级体系评价商业银行的信息科技风险管理能力,并对信息科技风险重要领域进行专项研究。
论文第二部分分别从国际监管标准和国际监管实践两个角度回答信息科技风险“需要什么样的监管”这一问题。结合国际公认的操作指引,如COBIT信息科技管理标准和巴塞尔操作风险管理指导原则,提出了专门的信息科技风险管理指导原则;并对国外发达国家和新兴市场经济国家的信息科技风险监管进行了国际比较和经验借鉴研究从监管理念、组织架构、监管手段和法律法规制度环境等诸方面,形成了完整系统的国际实践比较研究。第三部分旨在解决“如何监管”的问题,论文对信息科技风险计量、信息科技风险监管评级体系及信息科技风险监管的两个重点领域问题进行研究。
信息科技风险计量问题一直以来各国金融监管当局面临的重大监管难题。鉴于巴塞尔新资本协议将信息科技风险纳入操作风险进行管理,论文首先借鉴巴塞尔新资本协议操作风险计量方法,对信息科技风险计量进行了初步探讨其次对信息科技风险中的信息安全风险的VaR计量方法进行了研究,构建了完整的计量方法和评估案例,这为监管资本的计提以及实际监管措施实施提供了依据。
在信息科技风险评级方面,论文对国际通行的URSIT评级标准进行了研究,并以此为基础构建了我国商业银行信息科技风险监管评级体系。其特点在于:首先,评级指标的选择主要依据2009年银监会公布的《商业银行信息科技风险监管指引》,既满足合规性要求,同时又宜于操作,便于监管机构的采用;其次,对所有指标都设计了检查问题,并汇总设计了检查评分表,使监管机构可以通过检查方式对商业银行进行打分评价;第三,笔者通过调研和座谈的方法,邀请了监管机构与商业银行内部专家参与,科学合理地确定了各类指标的权重,从而使评级体系更具操作性。
在银行IT外包监管方面,论文首先从理论上分析了商业银行IT外包理论,考察其内在的形成机理及风险来源;其次,系统考察了国际发达国家的外包监管实践,比较分析;最后,根据我国当前商业银行IT外包监管中存在的问题,如过分强调银行的风险管理职责、未将信息技术服务商作为直接监管对象的现状,分析研究提出“从银行监管到服务商监管”的理念,这也是我国商业银行IT外包监管的主要方向,同时提出了国内服务商监管的监管标准。
在业务连续性监管方面,论文首先运用商业银行业务连续性理论对于这一问题的起源、内涵与标准进行研究分析。其次,对商业银行业务连续性监管的核心问题,即商业银行BCP开发与演练进行专门研究。最后,结合对美国、新加坡、香港的监管实践的考察,论文提出了我国商业银行业务连续性监管检查标准。检查标准包括两个层面——管理层面的检查和技术层面的检查,在我国尚未出台专门的业务连续性监管指引的情况下对业务连续性监管工作具有一定参考价值。
论文最后结合我国商业银行信息科技风险监管现实,提出了完善我国商业银行信息科技风险监管的政策建议,涵盖了信息科技风险监管体系建设和信息科技风险重点领域监管两大方面,重点强调:第一,应将信息科技风险纳入银行全面风险监管范畴,对信息科技风险进行单独评级并最终将信息科技风险纳入监管资本要求;第二,以立法方式明确对IT外包技术服务商的监管权力,将外包监管的对象由银行延伸至服务商;第三,研究出台“业务连续性”专项监管指引,引导商业银行制定适应各自特点的业务连续性规划并开展应急演练;第四,通过建立信息技术实验室和加强对新技术的专题研究等方式,探索以更先进的技术手段来监管信息技术风险;第五,培养和储备信息科技监管专业人才,鼓励监管人员获取CISA和CISSP等专业资质。
The rapid development of modern technology has changed the roadmap and operation of financial industry. Information technology (IT) has been playing an increasingly important role in banking industry. From front desks to senior management, electronic banking to management information system, IT has become an integral part of infrastructure that sustains banks'operation and improves banks'efficiency greatly, and therefore turned into an key part of banks' core competitiveness. However, with the increasing application of IT system, IT risk events happen frequently. According to BIS statistics (2002,2003a), over 90% of risk events and over 50% of the reported loss events are related to information technology, respectively.
On the side of bank management, banks are characterized by their complex and complicated IT frameworks and equipments which integrate operational system, application system, database, intranet, and etc, and any deficiencies of them or force majeure may impact the sound operation of the whole bank. On the side of bank supervision, IT risk has been the supervisory focus for supervisors worldwide since IT is vital to banks'operation and deficiencies of it may cause systemic risks and negatively impact the financial and economic stability.
In China, IT infrastructure of banks is in the process of rapid development. Compared to traditional risk categories, the IT risk management and supervision lag behinds due to limited knowledge and less focus. Therefore, as a regulator, the author intends to make systemic analysis on IT risk supervision in light of international principles and conducts special research on its core areas, so as to enhance the theoretical research and the supervision of IT risks.
Part I of the thesis is basic theoretical analysis. Firstly, the thesis uses economics analytical methods to study IT application and finds out the application of IT makes contributions to operational costs reducing, information exchange and risk management improvement, and becomes am important tool for customer maintenance. Theoretical analysis also shows that IT has become an indispensable part of banks'infrastructure, changed and extended the functions of banks. Secondly, the thesis demonstrates the theoretical and practical basis of IT risk supervision by studying the impact of IT risk on traditional financial theories, such as the theory of Market Break Down、the theory of Financial Fragility and the theory of Consumer Protect.
Basic theoretical analysis indicates that IT risk magnifies the externalities and financial fragility of commercial banks, sharpens the internal information asymmetry and brings challenges for traditional financial supervisory theory and practice. Therefore, supervisory guidelines should be developed by drawing from international practices to measure IT risk, construct comprehensive risk rating system to assess IT risk management capacities of commercial banks and conduct special research on key areas of IT risk.
PartⅡprovides responses to the question of what kind of supervision is needed from the perspective of international supervisory standards and practices and work out principles for IT risk management at the basis of studying internationally accepted guidelines, such as COBIT and Basel principles for operational risk management. In addition, the thesis conducts a complete comparative analysis of international supervisory practices covering supervisory ideas, organizational structures, supervisory approaches and institutional settings.
PartⅢaims to address the problem of "how shall we supervise" and conducts research on IT risk measurement and supervision. IT risk measurement has always been a difficult problem for supervisors. The BaselⅢincorporates IT risk into operational risk. Drawing from BaselⅢ, the thesis makes analysis on IT risk measurement, studies the VaR for information safety risk within IT risk, and provides a complete measuring method and cases for study, and thus lays down basis for regulatory capital requirement for IT risk.
With regard to IT risk rating, drawing from international standard of URSIT, the thesis builds an IT rating system. Firstly, the rating indicators is in line with the Guidelines on IT risk supervision of commercial banks issued by the CBRC in 2009, and thus not only meet the compliance requirements, but are also convenient for regulators. Secondly, examination questions are designed for all indicators and a comprehensive score card is also designed, which enable supervisors to assess and assign rating to banks through examinations. Thirdly, the author assigns appropriate weighting to each indicators based on careful research and discussions with banks and supervisors.
With regard to the supervision of IT outsourcing, the thesis makes analysis of the sources of IT outsourcing risk and studies international practices on IT outsourcing supervision. As the current supervision focuses on bank risk management and do not cover IT service provider, the thesis suggests that extending supervision from banks to cover IT service provider is the and design the pattern and procedures on the supervision of IT service provider.
With regard to the supervision on business continuity, the thesis discusses the development and drill of business continuity plans of commercial banks and designs examination procedures of business continuity for commercial banks comprising procedures for management exanimation and technology, which is of some value in the absence of special guidelines on business continuity.
Finally, this thesis takes into account the current supervisory practice of IT risk and provides policy recommendations for enhancing IT risk supervision of the banking sector, which can be summarized as follows:1) IT risk should be integrated into the bank's overall risk management, be assessed and assigned rating separately and subject to regulatory capital requirement; 2) supervision should be extended to cover technical service providers by giving regulators legal authorities; 3) guidelines on business continuity should be made for guiding commercial banks to develop business continuity plans and conduct emergency drills; 4) more advanced techniques and instruments should be developed to supervise IT risk by establishing IT laboratories and strengthening research on new technology; 5) the specialist expertise for IT risk of regulatory authorities should be enhanced by cultivating and attracting IT risk experts and encouraging them to obtain professional qualifications such as CISA and CISSP.
引文
1 George J.A transactions cost approach to the theory of financial intermediation [J].Journal of Finance, 2001(9):77-83.
2张成虎,孙景,李叔彪.银行技术风险监管[M].北京:经济管理出版社,2005.
3张成虎,孙景.我国银行技术风险评级体系研究[J].金融论坛,2006(2):15.22.
4 Stephen A W Drew,1995. Accelerating innovation in financial services [J]. Long Range Planning.28 (4):
5 Birch, D. and Young M.A.,1997.Financial services and the Internet-what does cyberspace mean for the financial services industry [J]. Internet Research:Electronic Networking Applications and Policy, 7(2):120-128.
6 Morisi, Teresa L.,1996.Commercial banking transformed by computer. Monthly Labor Review,119(8): 30-36.
7 Barnatt, C.,1998.Virtual communities and financial services-on-line business potentials and strategic choice [J]. International Journal of Bank Marketing,16(4):161-169.
8 Mols, N.P.,1999.The Internet and the banks' strategic distribution channel decisions [J].International Journal of Bank Marketing,17(6):295-300.
9 Yakhlef, A.,2001.Does the Internet compete with or complement bricks and mortar bank branches? [J].International Journal of Retail & Distribution Management,29(6):272-281.
10 Bussakorn, Dieter Fink,2005. Internet banking adoption strategies for a developing country:the case of Thailand [J]. Internet Research.15(3):295-312.
11周天芸,罗橄橄.对商业银行技术投资的成本.收益分析[J].金融与经济,2002(4):16-18.
12陈如清.基于信息技术视角的商业银行业务战略转型分析[J].南方金融,2007(5):47-48.
13王雪萍,张成虎.中国商业银行信息技术资本的边际生产率及最优规模[J].金融论坛,2007(5):9-13.
14张同健.国有商业银行信息技术风险控制绩效测评模型研究[J].武汉科技大学学报(社会科学版),2008(2):39-44.
15赵昱光,张学梅.信息技术与金融发展[J].技术经济与管理研究,2009(5):104-106.
16转引自:马费成等.信息资源管理.武汉:武汉大学出版社,2003年。
17引自:陈咏新.对发展我国商业银行信用风险评估技术的几点思考(J).金融经济,2002(2):76.79。
18引自:张成虎等.银行技术风险监管.北京:经济管理出版社,2005年。
19引自:陈广山,国有商业银行信息化水平与核心能力的相关性研究,中国矿业大学(北京)博士论文,2009.10,第21页。
20引自:梁文玲.金融信息化趋势对银行业的影响及我国商业银行的应对之策[J].山东大学学报,2003(1):109-112
21谭荣华,左志刚.信息化与金融中介演进[J]财经论丛2004(3):33-39
22曾康霖主著.金融经济学[M]成都:西南财经大学出版社.2002:180-182
23欧阳勇.网络时代银行中介功能研究[D].西南财经大学博士学位论文,2007.
24陈铁军,2006,商业银行经营行为的理论研究——基于契约经济学视角的分析,西南财经大学博士论文.
25陈朝晖.商业银行信息科技风险及防控策略研究[D].北京交通大学硕士学位论文,2009
26银监会《商业银行信息科技风险管理指引》。
27胡海华.银行信息化风险评价及监管研究[D]华中科技大学硕士学位论文,2006
28王忠生,我国金融监管制度变迁研究,湖南大学博士论文,2008.
29王漩,李毅.金融监管理论演化进程及其趋势[J].华南金融研究,2001(6):8.10.
30胡维波.金融监管的理论综述[J].当代财经,2004(3):50-53.
31德沃特里庞,泰勒尔.银行监管[D].上海:复旦大学出版社,2002.
32邓宾劲.网络金融风险及其监管探析[D].电子科技大学硕士学位论文,2005
33谢平,尹龙.网络经济中的金融理论与金融治理[J].经济研究.2001(4):24-31
34 Minsky H. The Financial Instability Hypothesis:Capitalist process and the behavior of the Economy,in Financial Crisis:Theory,History and Policy, edited by Charles P.,Kindberger and Jean-Pierre Laffargue. Cambrige; Cambridge University Press,1982,13-38.
35王文超,刘好洵.后过渡期我国银行体系脆弱性研究[J].金融理论与实践.2005(5):47.50
36 Kaufman George G Bank Failures, Systemic Risk, and Bank Regulation. Cato Joumal,1996,16(1):17-46
37谢平,尹龙.网络经济中的金融理论与金融治理[J].经济研究.2001(4):24.31
38国际清算银行.巴塞尔银行监管委员会文献汇编中译本[M].北京:经济管理出版社,1997
3 见 Sound Practices for the Management and Supervision of Operational Risk, published by the Basel Committee in February 2003
41汪锦丽,沈林楠.美国银行信息技术风险监管经验及借鉴[J]华南金融电脑2004(7):20-22
42张成虎,孙景,李叔彪.银行技术风险监管[J].北京:经济管理出版社,2005.
43引自:段海涛.试论国有商业银行信息技术监管.上海金融,2005.10。
44陈文雄,信息科技风险监管和管理[J],金融电子化,2009(10):27-29.
46杨涛.商业银行信息科技风险量化与管理研究明.信息安全与技术.2010(8):66-70.
47吴卫芬.我国银行业信息技术外包的风险管理研究[M].浙江工商大学硕士学位论文,2008.
48梁贵民,曹晓军.我国银行业信息技术外包的风险管理研究[J].现代商业银行.2002(9):32.
49 Basel Committee on Banking Surpervision.Outsourcing in financial Services, Feb 2005.
[1]Aubert, B. A., Patry, M., Rivard, S. Assessing the Risk of IT Outsourcing[C]. Proceedings of the 31st Hawaii International Conference on System Sciences, Hawaii. CIRANO,1998
[2]Ahmad Abu-Musa, Exploring the importance and implementation of COB1Tprocesses in Saudi organizations [J], Information Management&Computer Security Val.17 No.2,2009, P73-95
[3]APRA,2006, Prudential Standard APS 231 outsourcing
[4]Basel Committee on Banking Surpervision.Outsourcing in financial Services, Feb 2005.
[5]Brian Cleary, How Safty is Your Data?[J] STRATEGIC FINANCE, October2008 P33-37
[6]Basel Committee on Banking Surpervisian.Working Paper on the Regulatory Treatment of Operational Risk[Z].Jan 2001.
[7]Basel Committee on Banking Surpervision. Electronic Banking Risk Management Issues for Bank Supervisors, Electronic Banking Group Initiatives and White Papers, Oct 2000
[8]Bert Scholtens, Dick van Wensveen, A Critique on the Theory of Financial Intermediation, Journal of Banking & Finance 24,2000:1243-1251
[9]Benoit A Aubert,Suzame Rivard,Michel Patry. A transaction cost model of IT outsourcing, Information & Manangement,2003
[10]Chant, J. Regulation of Financial Institutions-A Functional A nalysis, Bank of Canada Technical Report No.45,1987.
[11]D.W Diamond and P.H Dybvig.Banking Runs,Deposit Insurance, and Liquidity[J].Journal of Political Economy,1983, Vol91:401-419
[12]Earl, M. J. The Risks of Outsourcing IT[J]. Sloan Management Review, 1996,37(3):26-32
[13]Fredric William Swierczeh.Pritam K. Shrestha Information technology and productivity:a comparison ofJapanese and.Asia-Pacific banks Journal of High Thechnology Management Research 14 (2003), P269=288
[14]FDIC,2002, Information Technology Examination Procedures
[15]FDIC,2006, Guidance for Financial Institutions on the Use of Foreign-Based Third-Party Service Providers
[16]FDIC,2001, Examination Procedures to Evaluate Compliance with the Guidelines to Safeguard Customer Information
[17]FFIEC,2003, Business Continuity Planning
[18]FFIEC,2005, Authentication in an Internet Banking Environment
[19]FFIEC,2001, Supervision of Technology Service Providers
[20]Franklin Allen and Anthony M. Santomero,The Theory of Financial Intermediation. Journal of Banking & Finance 21,1998
[21]FSB,2006, Business Continuity Planning Guide
[22]HKMA,2002,持续业务运作规划
[23]HKMA,2004,电子银行的监管
[24]Huff, S. L. Outsourcing of information services[J]. Business Quarterly, 1991:62-65
[25]Jurison, J. The role of risk and return in information technology outsourcing decisions[J]. Journal of Information Technology,1995,10:239-247
[26]Karen Kahler Banking.Journal.Holliday Flu pandemic requires distinct preparations American Bankers Association. ABA Oct 2006; 98.10; ABI/INFORM Global. P78-87
[27]Kaufman George G Bank Failures, Systemic Risk, and Bank Regulation. Cato Journal,1996,16(1):17-46
[28]Lacity, M., Hirschheim, R. Realizing outsourcing expectations. (Cover story)[J].Information Systems Management,1994,11:7-18.
[29]MAS,2005, Guidelines on Outsourcing
[30]MAS,2008, Internet Banking and Technology Risk Management Guidelines
[31]Minsky H. The Financial Instability Hypothesis Capitalist process and the behavior of the Economy,in Financial Crisis:Theory,History and Policy, edited by :Charles P.,Kindberger and Jean-Pierre Laffargue. Cambrige; Cambridge University Press,1982,13-38
[32]OCC,1999, OCC Examination Handbook on Internet Banking
[33]OCC,2001, Uniform Rating System for Information Technology
[34]Pinnington, A., Woolcock, P. How far is IS/IT outsourcing enabling new organizational structure and competences? [J]. International Journal of Information Management,1995,15(5):353-365.
[35]Robert A. Rosen,Esq, THE NEW BASEL CAPITAL ACCORD:PART Ⅱ:TECHNOLOGY RISK FOR BANKS AND THE ROLE OF INSURANCE, Environmental Claims Journal:16(3-4,}Surrimer-Fall):2004, P249-256
[36]Robet De Young. The financial performance of pure play internet banks[J].Economic Perspectives, March 22,2001:60-78
[37]Steve Cocheo,Securiri&Technology:The perils of banking in the "electronic communiy", American Bankers Association. ABA Banking,Journal Mar 2007:993; ABI/INFORM Global, PS12
[38]Sineenad Paisittanand a. David L. Olson.A simulation study of IT outsourcingin the credit card business, European Journal of Operational Research 175(2006), P1248-1261
[39]王文超,刘好洵.后过渡期我国银行体系脆弱性研究[J].金融理论与实践.2005(5):47-50
[40]谢平,尹龙.对我国网络银行及其监管问题的研究[J].金融研究.2001(1)
[41]谢平,尹龙.网络经济中的金融理论与金融治理[J].经济研究.2001(4):24-31
[42]尹龙.网络银行与电子货币——网络金融理论初探[D].西南财经大学博士学位论文,2002
[43]谢平,尹龙.网络银行-21世纪金融领域的一场革命[J].财经科学.2000(4):1-5
[44]曾康霖主著.金融经济学[M]成都:西南财经大学出版社.2002:180-182
[45]姜灵敏.我国银行计算机系统安全管理现状分析与对策研究[J].华南金融电脑.2004(9):31-34.
[46]张成虎,孙景,李叔彪.银行技术风险监管[J].北京:经济管理出版 社,2005.
[47]李果仁.我国网络银行风险及防范对策[J].华南金融电脑,2005(3):9.12.
[48]高彩霞.防范银行业信息化风险的建议[J].时代金融.2006(4):48-51.
[49]聂丽文.浅议银行计算机风险的防范[J].科技情报开发与经济.2006(5):21-23.
[50]张同健.国有商业银行信息技术风险控制绩效测评模型研究[J].武汉科技大学学报(社会科学版),2008(2):39-44.
[51]张东向.试论信息技术在商业银行授信风险管理中的应用[J].金融理论与实践.2008(5):30-33.
[52]王淳,史旭.信息技术在商业银行信用风险管理中的应用[J].金融论坛,2008(8):38-42.
[53]邵勉也.完善我国银行信息化风险防范体系的构想[J].上海金融,2009(10):90-93.
[54]何茂春.商业银行信息科技风险的量化计量研究[J].金融论坛,2009(2):42-48
[55]郭利根.在银行业信息科技风险奥运专项自查工作部署会上的讲,2008..http://www.cbrc.gov.cn/chinese/home/jsp/docView.jsp?docID=20080219F8F638E FC971B033FF528179F5C8A300.
[56]银监会.《银行业金融机构信息系统风险管理指引》http://www.cbrc.gov.cn/chinese/home/j sp/docView.jsp?docID=2840.
[57]任莉.商业银行电子信息化风险及监管研究[D].浙江大学学位论文,2009
[58]陈朝晖.商业银行信息科技风险及防控策略研究[D].北京交通大学硕士学位论文,2009
[59]吕春鹏.商业银行信息技术操作风险分析[D].西南财经大学硕士学位论文,2008
[60]邓宾劲.网络金融风险及其监管探析[D].电子科技大学硕士学位论文,2005
[61]何禹.新形势下银行业信息科技风险监管[J].中国金融电脑,2010(8):41-42
[62]李德胜.我国商业银行信息科技风险评级体系重构研究[D].山东大学硕士学位论文,2009
[63]胡海华,崔维琪.银行业信息技术风险的监管[J].银行家,2008(4):120.121
[64]叶贵添.商业银行信息科技风险分析及管理策略[J].硅谷,2010(8):185-185
[65]李东卫.对商业银行信息科技风险的几点思考[J].金卡工程(经济与法)2008(9):101-102
[66]汪锦丽,沈林楠.美国银行信息技术风险监管经验及借鉴[J]华南金融电脑2004(7):20-22
[67]谭荣华,左志刚.信息化与金融中介演进[J]财经论丛2004(3):33-39
[68]胡海华.银行信息化风险评价及监管研究[D]华中科技大学硕士学位论文,2006
[69]陈广山.国有商业银行信息化水平与核心能力的相关性研究[D]中国矿业大学博士学位论文,2009
[70]吴卫芬.我国银行业信息技术外包的风险管理研究[D].浙江工商大学硕士学位论文,2008.
[71]梁贵民,曹晓军.我国银行业信息技术外包的风险管理研究[J].现代商业银行.2002(9):32.
[72]李娴,邱听,魏建国.试论信息技术对金融业的影响[J].金融市场.2005(2):94-96.
[73]曾康林,谢太峰,王敬.银行论[M].成都:西南财经大学出版社,1997.
[74]兹维·博迪,罗伯特.C.莫顿.金融学[M].北京:中国人民大学出版社,2000.
[75]姜建清.金融高科技的发展及深层次影响研究[M].北京:中国金融出版社,2000.
[76]欧阳勇.网络时代银行中介功能研究[D].西南财经大学博士学位论文,2007.
[77]季冬生.信息技术与金融发展[M].北京:中国金融出版社,2004.
[78]王漩,李毅.金融监管理论演化进程及其趋势[J].华南金融研究, 2001(6):8-10.
[79]裴桂芬.银行监管的理论与模式[M].北京:商务印书馆,2005.
[80]胡维波.金融监管的理论综述[J].当代财经,2004(3):50-53.
[81]白宏宇.百年来的金融监管:理论演化、实践变迁及前景展望[J].国际金融研究,2000(1):35-41.
[82]默顿.金融中介功能观[D].北京:中国财政经济出版社,2001.
[83]德沃特里庞,泰勒尔.银行监管[D].上海:复旦大学出版社,2002.
[84]李东荣.我国金融业信息化建设的成就与发展思路[J].中国金融.2009(18):14-16.
[85]杨涛.商业银行信息科技风险量化与管理研究[J].信息安全与技术.2010(8):66-70.
[86]张倩,张云志,祁妙.关于商业银行信息科技风险的调查与思考[J].中国信用卡.2009(2):16-20.
[87]陆媛.国有商业银行技术风险控制测度模型研究[J].中国管理信息化.2008(9):66-69.
[88]黎代福.商业银行全面风险管理[D]厦门大学博士学位论文,2006
[89]国际清算银行.巴塞尔银行监管委员会文献汇编中译本[M].北京:经济管理出版社,1997
[90]王忠生.我国金融监管制度变迁研究[D].湖南大学博士论文,2008.
[91]陈文雄.信息科技风险监管和管理[J].金融电子化,2009(10):27-29.
[92]银监会.商业银行操作风险资本计量指引,2008.
[93]公安部网络安全监察局.信息网络安全与病毒疫情调查分析报告,2010.
[94]龙江涛,李新春,古凤.我国网络银行风险及对策研究[J].金融与经济.2008(4):90-91.
[95]贺建华网上银行安全策略.计算机世界报[N].2001(3).
[96]满海红.金融监管理论研究[D].辽宁大学博士论文,2008.
2张成虎,孙景,李叔彪.银行技术风险监管[M].北京:经济管理出版社,2005.
3张成虎,孙景.我国银行技术风险评级体系研究[J].金融论坛,2006(2):15.22.
4 Stephen A W Drew,1995. Accelerating innovation in financial services [J]. Long Range Planning.28 (4):
5 Birch, D. and Young M.A.,1997.Financial services and the Internet-what does cyberspace mean for the financial services industry [J]. Internet Research:Electronic Networking Applications and Policy, 7(2):120-128.
6 Morisi, Teresa L.,1996.Commercial banking transformed by computer. Monthly Labor Review,119(8): 30-36.
7 Barnatt, C.,1998.Virtual communities and financial services-on-line business potentials and strategic choice [J]. International Journal of Bank Marketing,16(4):161-169.
8 Mols, N.P.,1999.The Internet and the banks' strategic distribution channel decisions [J].International Journal of Bank Marketing,17(6):295-300.
9 Yakhlef, A.,2001.Does the Internet compete with or complement bricks and mortar bank branches? [J].International Journal of Retail & Distribution Management,29(6):272-281.
10 Bussakorn, Dieter Fink,2005. Internet banking adoption strategies for a developing country:the case of Thailand [J]. Internet Research.15(3):295-312.
11周天芸,罗橄橄.对商业银行技术投资的成本.收益分析[J].金融与经济,2002(4):16-18.
12陈如清.基于信息技术视角的商业银行业务战略转型分析[J].南方金融,2007(5):47-48.
13王雪萍,张成虎.中国商业银行信息技术资本的边际生产率及最优规模[J].金融论坛,2007(5):9-13.
14张同健.国有商业银行信息技术风险控制绩效测评模型研究[J].武汉科技大学学报(社会科学版),2008(2):39-44.
15赵昱光,张学梅.信息技术与金融发展[J].技术经济与管理研究,2009(5):104-106.
16转引自:马费成等.信息资源管理.武汉:武汉大学出版社,2003年。
17引自:陈咏新.对发展我国商业银行信用风险评估技术的几点思考(J).金融经济,2002(2):76.79。
18引自:张成虎等.银行技术风险监管.北京:经济管理出版社,2005年。
19引自:陈广山,国有商业银行信息化水平与核心能力的相关性研究,中国矿业大学(北京)博士论文,2009.10,第21页。
20引自:梁文玲.金融信息化趋势对银行业的影响及我国商业银行的应对之策[J].山东大学学报,2003(1):109-112
21谭荣华,左志刚.信息化与金融中介演进[J]财经论丛2004(3):33-39
22曾康霖主著.金融经济学[M]成都:西南财经大学出版社.2002:180-182
23欧阳勇.网络时代银行中介功能研究[D].西南财经大学博士学位论文,2007.
24陈铁军,2006,商业银行经营行为的理论研究——基于契约经济学视角的分析,西南财经大学博士论文.
25陈朝晖.商业银行信息科技风险及防控策略研究[D].北京交通大学硕士学位论文,2009
26银监会《商业银行信息科技风险管理指引》。
27胡海华.银行信息化风险评价及监管研究[D]华中科技大学硕士学位论文,2006
28王忠生,我国金融监管制度变迁研究,湖南大学博士论文,2008.
29王漩,李毅.金融监管理论演化进程及其趋势[J].华南金融研究,2001(6):8.10.
30胡维波.金融监管的理论综述[J].当代财经,2004(3):50-53.
31德沃特里庞,泰勒尔.银行监管[D].上海:复旦大学出版社,2002.
32邓宾劲.网络金融风险及其监管探析[D].电子科技大学硕士学位论文,2005
33谢平,尹龙.网络经济中的金融理论与金融治理[J].经济研究.2001(4):24-31
34 Minsky H. The Financial Instability Hypothesis:Capitalist process and the behavior of the Economy,in Financial Crisis:Theory,History and Policy, edited by Charles P.,Kindberger and Jean-Pierre Laffargue. Cambrige; Cambridge University Press,1982,13-38.
35王文超,刘好洵.后过渡期我国银行体系脆弱性研究[J].金融理论与实践.2005(5):47.50
36 Kaufman George G Bank Failures, Systemic Risk, and Bank Regulation. Cato Joumal,1996,16(1):17-46
37谢平,尹龙.网络经济中的金融理论与金融治理[J].经济研究.2001(4):24.31
38国际清算银行.巴塞尔银行监管委员会文献汇编中译本[M].北京:经济管理出版社,1997
3 见 Sound Practices for the Management and Supervision of Operational Risk, published by the Basel Committee in February 2003
41汪锦丽,沈林楠.美国银行信息技术风险监管经验及借鉴[J]华南金融电脑2004(7):20-22
42张成虎,孙景,李叔彪.银行技术风险监管[J].北京:经济管理出版社,2005.
43引自:段海涛.试论国有商业银行信息技术监管.上海金融,2005.10。
44陈文雄,信息科技风险监管和管理[J],金融电子化,2009(10):27-29.
46杨涛.商业银行信息科技风险量化与管理研究明.信息安全与技术.2010(8):66-70.
47吴卫芬.我国银行业信息技术外包的风险管理研究[M].浙江工商大学硕士学位论文,2008.
48梁贵民,曹晓军.我国银行业信息技术外包的风险管理研究[J].现代商业银行.2002(9):32.
49 Basel Committee on Banking Surpervision.Outsourcing in financial Services, Feb 2005.
[1]Aubert, B. A., Patry, M., Rivard, S. Assessing the Risk of IT Outsourcing[C]. Proceedings of the 31st Hawaii International Conference on System Sciences, Hawaii. CIRANO,1998
[2]Ahmad Abu-Musa, Exploring the importance and implementation of COB1Tprocesses in Saudi organizations [J], Information Management&Computer Security Val.17 No.2,2009, P73-95
[3]APRA,2006, Prudential Standard APS 231 outsourcing
[4]Basel Committee on Banking Surpervision.Outsourcing in financial Services, Feb 2005.
[5]Brian Cleary, How Safty is Your Data?[J] STRATEGIC FINANCE, October2008 P33-37
[6]Basel Committee on Banking Surpervisian.Working Paper on the Regulatory Treatment of Operational Risk[Z].Jan 2001.
[7]Basel Committee on Banking Surpervision. Electronic Banking Risk Management Issues for Bank Supervisors, Electronic Banking Group Initiatives and White Papers, Oct 2000
[8]Bert Scholtens, Dick van Wensveen, A Critique on the Theory of Financial Intermediation, Journal of Banking & Finance 24,2000:1243-1251
[9]Benoit A Aubert,Suzame Rivard,Michel Patry. A transaction cost model of IT outsourcing, Information & Manangement,2003
[10]Chant, J. Regulation of Financial Institutions-A Functional A nalysis, Bank of Canada Technical Report No.45,1987.
[11]D.W Diamond and P.H Dybvig.Banking Runs,Deposit Insurance, and Liquidity[J].Journal of Political Economy,1983, Vol91:401-419
[12]Earl, M. J. The Risks of Outsourcing IT[J]. Sloan Management Review, 1996,37(3):26-32
[13]Fredric William Swierczeh.Pritam K. Shrestha Information technology and productivity:a comparison ofJapanese and.Asia-Pacific banks Journal of High Thechnology Management Research 14 (2003), P269=288
[14]FDIC,2002, Information Technology Examination Procedures
[15]FDIC,2006, Guidance for Financial Institutions on the Use of Foreign-Based Third-Party Service Providers
[16]FDIC,2001, Examination Procedures to Evaluate Compliance with the Guidelines to Safeguard Customer Information
[17]FFIEC,2003, Business Continuity Planning
[18]FFIEC,2005, Authentication in an Internet Banking Environment
[19]FFIEC,2001, Supervision of Technology Service Providers
[20]Franklin Allen and Anthony M. Santomero,The Theory of Financial Intermediation. Journal of Banking & Finance 21,1998
[21]FSB,2006, Business Continuity Planning Guide
[22]HKMA,2002,持续业务运作规划
[23]HKMA,2004,电子银行的监管
[24]Huff, S. L. Outsourcing of information services[J]. Business Quarterly, 1991:62-65
[25]Jurison, J. The role of risk and return in information technology outsourcing decisions[J]. Journal of Information Technology,1995,10:239-247
[26]Karen Kahler Banking.Journal.Holliday Flu pandemic requires distinct preparations American Bankers Association. ABA Oct 2006; 98.10; ABI/INFORM Global. P78-87
[27]Kaufman George G Bank Failures, Systemic Risk, and Bank Regulation. Cato Journal,1996,16(1):17-46
[28]Lacity, M., Hirschheim, R. Realizing outsourcing expectations. (Cover story)[J].Information Systems Management,1994,11:7-18.
[29]MAS,2005, Guidelines on Outsourcing
[30]MAS,2008, Internet Banking and Technology Risk Management Guidelines
[31]Minsky H. The Financial Instability Hypothesis Capitalist process and the behavior of the Economy,in Financial Crisis:Theory,History and Policy, edited by :Charles P.,Kindberger and Jean-Pierre Laffargue. Cambrige; Cambridge University Press,1982,13-38
[32]OCC,1999, OCC Examination Handbook on Internet Banking
[33]OCC,2001, Uniform Rating System for Information Technology
[34]Pinnington, A., Woolcock, P. How far is IS/IT outsourcing enabling new organizational structure and competences? [J]. International Journal of Information Management,1995,15(5):353-365.
[35]Robert A. Rosen,Esq, THE NEW BASEL CAPITAL ACCORD:PART Ⅱ:TECHNOLOGY RISK FOR BANKS AND THE ROLE OF INSURANCE, Environmental Claims Journal:16(3-4,}Surrimer-Fall):2004, P249-256
[36]Robet De Young. The financial performance of pure play internet banks[J].Economic Perspectives, March 22,2001:60-78
[37]Steve Cocheo,Securiri&Technology:The perils of banking in the "electronic communiy", American Bankers Association. ABA Banking,Journal Mar 2007:993; ABI/INFORM Global, PS12
[38]Sineenad Paisittanand a. David L. Olson.A simulation study of IT outsourcingin the credit card business, European Journal of Operational Research 175(2006), P1248-1261
[39]王文超,刘好洵.后过渡期我国银行体系脆弱性研究[J].金融理论与实践.2005(5):47-50
[40]谢平,尹龙.对我国网络银行及其监管问题的研究[J].金融研究.2001(1)
[41]谢平,尹龙.网络经济中的金融理论与金融治理[J].经济研究.2001(4):24-31
[42]尹龙.网络银行与电子货币——网络金融理论初探[D].西南财经大学博士学位论文,2002
[43]谢平,尹龙.网络银行-21世纪金融领域的一场革命[J].财经科学.2000(4):1-5
[44]曾康霖主著.金融经济学[M]成都:西南财经大学出版社.2002:180-182
[45]姜灵敏.我国银行计算机系统安全管理现状分析与对策研究[J].华南金融电脑.2004(9):31-34.
[46]张成虎,孙景,李叔彪.银行技术风险监管[J].北京:经济管理出版 社,2005.
[47]李果仁.我国网络银行风险及防范对策[J].华南金融电脑,2005(3):9.12.
[48]高彩霞.防范银行业信息化风险的建议[J].时代金融.2006(4):48-51.
[49]聂丽文.浅议银行计算机风险的防范[J].科技情报开发与经济.2006(5):21-23.
[50]张同健.国有商业银行信息技术风险控制绩效测评模型研究[J].武汉科技大学学报(社会科学版),2008(2):39-44.
[51]张东向.试论信息技术在商业银行授信风险管理中的应用[J].金融理论与实践.2008(5):30-33.
[52]王淳,史旭.信息技术在商业银行信用风险管理中的应用[J].金融论坛,2008(8):38-42.
[53]邵勉也.完善我国银行信息化风险防范体系的构想[J].上海金融,2009(10):90-93.
[54]何茂春.商业银行信息科技风险的量化计量研究[J].金融论坛,2009(2):42-48
[55]郭利根.在银行业信息科技风险奥运专项自查工作部署会上的讲,2008..http://www.cbrc.gov.cn/chinese/home/jsp/docView.jsp?docID=20080219F8F638E FC971B033FF528179F5C8A300.
[56]银监会.《银行业金融机构信息系统风险管理指引》http://www.cbrc.gov.cn/chinese/home/j sp/docView.jsp?docID=2840.
[57]任莉.商业银行电子信息化风险及监管研究[D].浙江大学学位论文,2009
[58]陈朝晖.商业银行信息科技风险及防控策略研究[D].北京交通大学硕士学位论文,2009
[59]吕春鹏.商业银行信息技术操作风险分析[D].西南财经大学硕士学位论文,2008
[60]邓宾劲.网络金融风险及其监管探析[D].电子科技大学硕士学位论文,2005
[61]何禹.新形势下银行业信息科技风险监管[J].中国金融电脑,2010(8):41-42
[62]李德胜.我国商业银行信息科技风险评级体系重构研究[D].山东大学硕士学位论文,2009
[63]胡海华,崔维琪.银行业信息技术风险的监管[J].银行家,2008(4):120.121
[64]叶贵添.商业银行信息科技风险分析及管理策略[J].硅谷,2010(8):185-185
[65]李东卫.对商业银行信息科技风险的几点思考[J].金卡工程(经济与法)2008(9):101-102
[66]汪锦丽,沈林楠.美国银行信息技术风险监管经验及借鉴[J]华南金融电脑2004(7):20-22
[67]谭荣华,左志刚.信息化与金融中介演进[J]财经论丛2004(3):33-39
[68]胡海华.银行信息化风险评价及监管研究[D]华中科技大学硕士学位论文,2006
[69]陈广山.国有商业银行信息化水平与核心能力的相关性研究[D]中国矿业大学博士学位论文,2009
[70]吴卫芬.我国银行业信息技术外包的风险管理研究[D].浙江工商大学硕士学位论文,2008.
[71]梁贵民,曹晓军.我国银行业信息技术外包的风险管理研究[J].现代商业银行.2002(9):32.
[72]李娴,邱听,魏建国.试论信息技术对金融业的影响[J].金融市场.2005(2):94-96.
[73]曾康林,谢太峰,王敬.银行论[M].成都:西南财经大学出版社,1997.
[74]兹维·博迪,罗伯特.C.莫顿.金融学[M].北京:中国人民大学出版社,2000.
[75]姜建清.金融高科技的发展及深层次影响研究[M].北京:中国金融出版社,2000.
[76]欧阳勇.网络时代银行中介功能研究[D].西南财经大学博士学位论文,2007.
[77]季冬生.信息技术与金融发展[M].北京:中国金融出版社,2004.
[78]王漩,李毅.金融监管理论演化进程及其趋势[J].华南金融研究, 2001(6):8-10.
[79]裴桂芬.银行监管的理论与模式[M].北京:商务印书馆,2005.
[80]胡维波.金融监管的理论综述[J].当代财经,2004(3):50-53.
[81]白宏宇.百年来的金融监管:理论演化、实践变迁及前景展望[J].国际金融研究,2000(1):35-41.
[82]默顿.金融中介功能观[D].北京:中国财政经济出版社,2001.
[83]德沃特里庞,泰勒尔.银行监管[D].上海:复旦大学出版社,2002.
[84]李东荣.我国金融业信息化建设的成就与发展思路[J].中国金融.2009(18):14-16.
[85]杨涛.商业银行信息科技风险量化与管理研究[J].信息安全与技术.2010(8):66-70.
[86]张倩,张云志,祁妙.关于商业银行信息科技风险的调查与思考[J].中国信用卡.2009(2):16-20.
[87]陆媛.国有商业银行技术风险控制测度模型研究[J].中国管理信息化.2008(9):66-69.
[88]黎代福.商业银行全面风险管理[D]厦门大学博士学位论文,2006
[89]国际清算银行.巴塞尔银行监管委员会文献汇编中译本[M].北京:经济管理出版社,1997
[90]王忠生.我国金融监管制度变迁研究[D].湖南大学博士论文,2008.
[91]陈文雄.信息科技风险监管和管理[J].金融电子化,2009(10):27-29.
[92]银监会.商业银行操作风险资本计量指引,2008.
[93]公安部网络安全监察局.信息网络安全与病毒疫情调查分析报告,2010.
[94]龙江涛,李新春,古凤.我国网络银行风险及对策研究[J].金融与经济.2008(4):90-91.
[95]贺建华网上银行安全策略.计算机世界报[N].2001(3).
[96]满海红.金融监管理论研究[D].辽宁大学博士论文,2008.