互联网金融电子银行外文文献翻译2014年译文3050字大数据

互联网金融电子银行外文文献翻译2014年译文3050字大数据Finance's Impact on nal FinanceAbstract:As we enter the era of web 2.0.banks now have full access to the。

age。

The large amount of data available on the。

has a profound effect on the XXX。

XXX。

The。

has brought about a new era of financial development。

with the rapid growth of。

XXX。

this growth has also XXX。

talent resources。

and system XXX are just a few of the XXX finance。

The development of。

XXX。

With the rise of。

companies。

XXX of the financial industry。

The。

has created a new market for financial services。

and XXX。

This has led to XXX。

The。

has XXX With the large amount of data available on the。

banks can now use this data to better XXX services。

This has led to XXX。

However。

XXX XXX。

In n。

the growth of。

finance has led to XXX around the world are now paying closer n to the financial industry。

互联网网络营销外文文献翻译(含：英文原文及中文译文)文献出处：Peter Kenzelmann. Technical Consultancy in Internationalization[J]. International Marketing Review, 2006, 4(3):20-29. 英文原文The technical basis of network marketingPeter KenzelmannNetwork marketing is based on the technology infrastructure of computer network technology, as represented by information technology. Computer networks of modern communications technology and computer technology to the product of combining it in different geographic regions and specialized computer equipment for external interconnection lines of communication into a large, powerful networks, thus enabling a large number of computers can easily transmit information to each other, share hardware, software, data and other resources. And network marketing is closely related to the computer network there are three types: the Internet, Extranet and Intranet.The theoretical basis for the network marketingTheoretical foundation of network marketing is direct marketing network theory, network theory of relationship marketing, marketing theory and network software to integrate marketing theory.(A) Direct Response Network Marketing TheoryInternet marketing as an effective direct marketing strategy, network marketing that can be tested and measurable and can be evaluated and controlled. Therefore, the characteristics of the use of network marketing, you can greatly improve the efficiency of marketing and marketing decision-making effectiveness of the implementation.Direct marketing theory is the 20th century, one of the 80's the concept of eye-catching. Direct Marketing Association of the United States for its definition is: "a place to produce any measurable response and (or) use the Stock Exchange reached one or more advertising media marketing system interaction." Directly Marketing the key to the theory that network marketing is that it can be tested, measurable, can be evaluated, which a fundamental solution to evaluate the effect of the traditional difficulties in marketing and marketing for more scientific decision-making possible. (B) the network theory of relationship marketingRelationship Marketing is a great importance since 1990 by the marketing theory, which mainly includes two basic points: First of all, in the macro level will be recognized that the scope of marketing a wide range of areas, including customer market, the labor market, the supply market , the internal market, the market stakeholders, as well as the affected market (government, financial markets); at the micro level, recognizing that the relationship between business and customers areconstantly changing, the core of marketing should be a simple one-time past transactions to a focus on maintaining relations up long-term relationships. Socio-economic system, enterprises are a major subsystem, corporate marketing objectives by many external factors to the impact of marketing activities of enterprises is a consumers, competitors, suppliers, distributors, government agencies and social organizations the process of interaction, the correct understanding of the relationship between the individual and the organization is the core of marketing is also key to business success or failure.The core of relationship marketing is to keep customers, to provide customers with a high degree of satisfaction with the value of products and services, by strengthening the links with customers to provide effective customer service, to maintain long-term relationship with customers. And long-term customer relations based on the marketing activities to achieve the marketing objectives of companies. The implementation of relationship marketing is not to damage the cost of business interests, according to research, for marketing a new customer costs five times the cost of the old customers, so to strengthen relations with customers and build customer loyalty can bring long-term enterprise interests, it is to promote a win-win strategy for businesses and customers. The Internet as an effective two-way channels of communication between businesses and customers can achieve low-cost communication andexchange costs, which companies build long-term relationships with customers to provide effective protection. This is because, first of all, enterprises can use the Internet to receive customer orders directly, customers can make their own personalized needs. Enterprises in accordance with customer demand for personalized use of flexible production technology to meet the customer needs to maximize customers in the consumer products and services to create more value. Enterprise customers can also understand the market demand, market segments and target markets, minimize marketing costs and increase the reaction rate on the market. Secondly, the use of the Internet companies to provide customers with better services and keep in touch with customers. Internet time and space constraints are not the characteristics of the convenience of our customers to maximize communication with the enterprise, customers can make use of the Internet in the shortest possible time in an easy way to access business services. At the same time, trading via the Internet to the entire enterprise can be achieved from the product quality, quality of service, such as transaction services to the entire process of quality control.On the other hand, enterprises can also be via the Internet with business-related companies and organizations build relationships and achieve win-win development. Internet as a channel of communication between the cheapest, it can help lower costs in the supply ofbusiness-to-business yet, distributors such as the establishment of collaborative partnerships. Cases such as in front of the computer company Lenovo, through the establishment of e-business systems and management information systems with the distributors of information sharing, reduce inventory costs and transaction costs, and close cooperation between the two sides. Relating to the application of network theory will be the strategy behind the marketing services network in detail.(C) The network of soft marketing theoryMarketing theory is soft against the industrial economy to the era of mass production for the main features of the "strong sales" of the new theory, the theory suggests that when customers buy products not only meet the basic physiological needs, but also to meet the mental and psychological level demand. Therefore, the soft marketing is one of the main characteristics of the follow netiquette, etiquette on the network through the use of clever marketing to obtain desired results. It emphasizes the marketing activities of enterprises at the same time the need to respect the feelings of consumers and the body read, so that consumers will be able to comfortably take the initiative to receive the marketing activities of enterprises. Traditional marketing activities can best embody the characteristics of a strong marketing promotions are two: the traditional advertising and marketing staff. In traditional advertising,consumers are often forced to passive reception of advertising messages, "bombing", and its goal is to impart information through continuous means the hearts of consumers impressed, as to whether the consumer was not willing to accept the need for need not be taken into account; marketing personnel, the marketing staff does not consider the object is willing to sell and needs, but according to the marketing staff to determine their own marketing activities carried out forcibly.On the Internet, because information exchange is a free, equal, open and interactive, to stress that mutual respect and communication, on-line users pay more attention to the protection and privacy of personal experience. Therefore, using the traditional means of marketing a strong start in the Internet marketing activities are bound to backfire, such as the American company AOL has forced their users to send E-mail advertising, the results lead to the unanimous opposition of users, many users agreed to AOL at the same time the company server E-mail to retaliate, with the result that AOL's E-mail mail server in a paralyzed state, and finally had to apologize to quell public indignation. Network marketing is just soft from the consumer's experience and needs and take pull-type strategy to attract consumers concerned about the marketing effectiveness of enterprises to achieve. Network on the Internet to carry out marketing activities, in particular promotional activities must follow certain rules of network formation of virtual communities, some also known as"netiquette (Netiquette)". Network marketing is soft netiquette rules to follow based on the clever use of marketing to achieve a subtle effect. Marketing theory on network application software in the network marketing sales strategy specific details.(D) Network Integrated MarketingIn the current post-industrial society, the tertiary industry in the development of the service sector is the major economic growth point, the traditional manufacturing-based to being service-oriented development, new service industries such as finance, communications, transportation and other industries the sun at high noon. Post-industrial society requires the development of enterprises must be based on service-oriented, it is necessary to customers as the center, to provide customers with timely and appropriate manner, as appropriate services, the maximum extent possible to meet customer demand. Internet time and space as a cross-transmission of "superconductive" media, can provide timely customer service is located at the same time interactivity of the Internet can understand customer needs and provide targeted response, so the Internet era can be said to be the most consumers an attractive marketing tool.Network of integrated marketing theory include the following key points:Network marketing requires, first of all the consumers into the entiremarketing process to the needs of their entire marketing process from the beginning.Network marketing distribution system for the enterprise as well as stakeholders to be more closely together.Corporate interests and the interests of customers to integrate together.Internet on the role of marketing, you can through the 4Ps (product / service, pricing, distribution, promotion) play an important role in binding. The use of the Internet traditional 4Ps marketing mix can be better with the customer as the center of the 4Cs (customer, cost, convenience, communication) to combine.1. Products and services to customers as the centerAs the Internet has a very good interaction and guiding the user through the Internet under the guidance of the enterprise to choose the product or service or specific requirements of enterprise customers to choose based on the timely production and requirements and provide timely service, making Customer inter-temporal and spatial requirements are met by the products and services; On the other hand, enterprises can also keep abreast of customer needs and customer requirements in accordance with the timely production and marketing organizations to provide the production efficiency and marketing effectiveness. Such as the United States PC sales company Dell Inc., or a loss in 1995, but in1996, their sales via the Internet to computers, the performance of 100 percent growth, due to customers via the Internet, you can design in the company's home page to choose and combination of computers, the company's production department immediately upon request, production, and sent through the postal service company, so companies can achieve zero inventory production, especially in the sharp decline in prices of computer components of the era, inventory will not only reduce the inventory costs can be avoided also because of losses brought about by high-priced stock.2. Customer acceptable cost pricingThe cost of traditional production-based pricing in the market-oriented marketing is to be discarded. The price of new customers should be based on acceptable cost pricing, and based on the cost to organize the production and marketing. Customer-centric enterprise pricing, customers must be the determination of market demand and the price accepted standards, otherwise the cost to the customer to accept the pricing is a castle in the air. Business on the Internet can be very easy to implement, the customer can be made via the Internet acceptable cost, the cost of business in accordance with customers to provide flexible product design and production program for the user to choose until after the customer agrees to confirm the production and marketing organizations, all All these are clients of the server program in the company under theguidance and does not require specialized services and, therefore, extremely low cost. At present, the United States, General Motors Corp. to allow customers on the Internet through the company's own guidance system of the design and assembly of motor vehicles to meet their needs, users first determine the criteria for acceptable price, and then according to the price limit system to meet the requirements of style show vehicle, the user can also be used for appropriate changes, the company producing the final product just to meet the customer requirements of price and performance.3. Products to facilitate the distribution of customer-orientedNetwork marketing is one-to-one distribution channels, cross-selling of space-time, customers can order anytime, anywhere using the Internet and purchase products. Iron and steel manufacturers in France still a Luolin Zinox for example, the company was founded in 8 years ago, because of the introduction of e-mail and the world order system, so that processing time from 15 days to 24 hours. At present, the company is using the Internet to provide better than the opponent and more efficient services. The company's internal network and vehicle manufacturers to establish contact so that they could demand the other party promptly after the production of steel to each other online.4. Repressively turn promotions to strengthen communication and contacts with customersIs the promotion of traditional enterprises, through certain media or tools of oppression customers to strengthen the company's customers and product acceptance and loyalty, customers are passive and accept the lack of communication with customers and contacts at the same time The high cost of the company's sales. Internet marketing is a one-on-one and interactive, and customers can participate in the company's marketing activities in the past, so the Internet can strengthen communication with customers and contacts and a better understanding of customer needs, attracted more customers agree . The U.S. company Yahoo's new star (Yahoo!) Company to develop a network in Internet information retrieval tools for classification, as the products are highly interactive, the user can think it is important for their classification information to Yahoo Yahoo The company immediately joined the classification of information products for the use of other users, so no need for advertising their products on well known, and in a short span of two years the company's stock market value of billions of dollars, an increase of as much as several hundred times.中文译文网络营销的技术基础彼得·肯泽尔曼网络营销基于以信息技术为代表的计算机网络技术的技术基础。

互联网金融视角下的电子货币与货币政策外文文献翻译2014年译文3500字Electronic currency has emerged as a new form of currency with the rise of electronic commerce。

It is ing increasingly popular as a means of payment and currency around the world。

However。

the development of electronic currency and its use has XXX and problems。

XXX.3 The development of electronic currencyThe development of electronic currency can be traced back to the 1970s。

with the XXX (EFTS)。

XXX。

it wasn't until the rise of the。

and electronic commerce in the 1990s that electronic currency truly began to take off。

The n of digital currencies。

such as Bitcoin。

has also contributed to the growth of electronic currency.4 The use of electronic currencyElectronic currency is being used in a variety of ways。

from online shopping to peer-to-XXX over nal currency。

includinglower n XXX。

互联网金融安全中英文对照外文翻译文献中英文对照外文翻译文献(文档含英文原文和中文翻译)Database Security in a Web Environment IntroductionDatabases have been common in government departments and commercial enterprises for many years. Today, databases in any organization are increasingly opened up to a multiplicity of suppliers, customers, partners and employees - an idea that would have been unheard of a few years ago. Numerous applications and their associated data are now accessed by a variety of users requiring different levels of access via manifold devices and channels – often simultaneously. For example:• Online banks allow customers to perform a variety of banking operations - via the Internet and over the telephone – whilst maintaining the privacy of account data.• E-Commerce merchants and their Service Providers must store customer, order and payment data on their merchant server - and keep it secure.• HR departments allow employees to update their personal information –whilst protecting certain management information from unauthorized access.• The medical profession must protect the confidentiality of patient data –whilst allowing essential access for treatment.• Online brokerages need to be able to provide large numbers of simultaneous users with up-to-date and accurate financial information.This complex landscape leads to many new demands upon system security. The global growth of complex web-based infrastructures is driving a need for security solutions that provide mechanisms to segregate environments; perform integrity checking and maintenance; enable strong authentication andnon-repudiation; and provide for confidentiality. In turn, this necessitates comprehensive business and technical risk assessment to identify the threats,vulnerabilities and impacts, and from this define a security policy. This leads to security definitions throughout the infrastructure - operating system, database management system, middleware and network.Financial, personal and medical information systems and some areas of government have strict requirements for security and privacy. Inappropriate disclosure of sensitive information to the wrong parties can have severe social, legal and regulatory consequences. Failure to address the basics can result in substantial direct and consequential financial losses - witness the fraud losses through the compromise of several million credit card numbers in merchants’ databases [Occf], plus associated damage to brand-image and loss of consumer confidence.This article discusses some of the main issues in database and web server security, and also considers important architecture and design issues.A Simple ModelAt the simplest level, a web server system consists of front-end software and back-end databases with interface software linking the two. Normally, the front-end software will consist of server software and the network server operating system, and the back-end database will be a relational orobject-oriented database fulfilling a variety of functions, including recording transactions, maintaining accounts and inventory. The interface software typically consists of Common Gateway Interface (CGI) scripts used to receive information from forms on web sites to perform online searches and to update the database.Depending on the infrastructure, middleware may be present; in addition, security management subsystems (with session and user databases) that address the web server’s and related applications’ requirements for authentication, accesscontrol and authorization may be present. Communications between this subsystem and either the web server, middleware or database are via application program interfaces (APIs)..This simple model is depicted in Figure 1.Security can be provided by the following components:• Web server.• Middleware.• Operating system.. Figure 1: A Simple Model.• Database and Database Management System.• Security management subsystem.The security of such a system addressesAspects of authenticity, integrity and confidentiality and is dependent on the security of the individual components and their interactions. Some of the most common vulnerabilities arise from poor configuration, inadequate change control procedures and poor administration. However, even if these areas are properlyaddressed, vulnerabilities still arise. The appropriate combination of people, technology and processes holds the key to providing the required physical and logical security. Attention should additionally be paid to the security aspects of planning, architecture, design and implementation.In the following sections, we consider some of the main security issues associated with databases, database management systems, operating systems and web servers, as well as important architecture and design issues. Our treatment seeks only to outline the main issues and the interested reader should refer to the references for a more detailed description.Database SecurityDatabase management systems normally run on top of an operating system and provide the security associated with a database. Typical operating system security features include memory and file protection, resource access control and user authentication. Memory protection prevents the memory of one program interfering with that of another and limits access and use of the objects employing techniques such as memory segmentation. The operating system also protects access to other objects (such as instructions, input and output devices, files and passwords) by checking access with reference to access control lists. Security mechanisms in common operating systems vary tremendously and, for those that are lacking, there exists special-purpose security software that can be integrated with the existing environment. However, this can be an expensive, time-consuming task and integration difficulties may also adversely impact application behaviors.Most database management systems consist of a number of modules - including database querying and database and file management - along with authorization, concurrent access and database description tables. Thesemanagement systems also use a variety of languages: a data definition language supports the logical definition of the database; developers use a data manipulation language; and a query language is used by non-specialist end-users.Database management systems have many of the same security requirements as operating systems, but there are significant differences since the former are particularly susceptible to the threat of improper disclosure, modification of information and also denial of service. Some of the most important security requirements for database management systems are: • Multi-Level Access Control.• Confidentiality.• Reliability.• Integrity.• Recovery.These requirements, along with security models, are considered in the following sections.Multi-Level Access ControlIn a multi-application and multi-user environment, administrators, auditors, developers, managers and users – collectively called subjects - need access to database objects, such as tables, fields or records. Access control restricts the operations available to a subject with respect to particular objects and is enforced by the database management system. Mandatory access controls require that each controlled object in the database must be labeled with a security level, whereas discretionary access controls may be applied at the choice of a subject.Access control in database management systems is more complicated than in operating systems since, in the latter, all objects are unrelated whereas in a database the converse is true. Databases are also required to make accessdecisions based on a finer degree of subject and object granularity. In multi-level systems, access control can be enforced by the use of views - filtered subsets of the database - containing the precise information that a subject is authorized to see.A general principle of access control is that a subject with high level security should not be able to write to a lower level object, and this poses a problem for database management systems that must read all database objects and write new objects. One solution to this problem is to use a trusted database management system.ConfidentialitySome databases will inevitably contain what is considered confidential data. For example, it could be inherently sensitive or its source may be sensitive, or it may belong to a sensitive table, thus making it difficult to determine what is actually confidential. Disclosure is also difficult to define, as it can be direct, indirect, involve the disclosure of bounds or even mere existence.An inference problem exists in database management systems whereby users can infer sensitive information from relatively insensitive queries. A trivial example is a request for information about the average salary of an employee and the number of employees turns out to be just one, thus revealing the employee’s salary. However, much more sophisticated statistical inference attacks can also be mounted. This highlights the fact that, although the data itself may be properly controlled, confidential information may still leak out.Controls can take several forms: not divulging sensitive information to unauthorized parties (which depends on the respective subject and object security levels), logging what each user knows or masking response data. The first control can be implemented fairly easily, the second quickly becomesunmanageable for a large number of users and the third leads to imprecise responses, and also exemplifies the trade-off between precision and security. Polyinstantiation refers to multiple instances of a data object existing in the database and it can provide a partial solution to the inference problem whereby different data values are supplied, depending on the security level, in response to the same query. However, this makes consistency management more difficult.Another issue that arises is when the security level of an aggregate amount is different to that of its elements (a problem commonly referred to as aggregation). This can be addressed by defining appropriate access control using views.Reliability, Integrity and RecoveryArguably, the most important requirements for databases are to ensure that the database presents consistent information to queries and can recover from any failures. An important aspect of consistency is that transactions execute atomically; that is, they either execute completely or not at all.Concurrency control addresses the problem of allowing simultaneous programs access to a shared database, while avoiding incorrect behavior or interference. It is normally addressed by a scheduler that uses locking techniques to ensure that the transactions are serial sable and independent. A common technique used in commercial products is two-phase locking (or variations thereof) in which the database management system controls when transactions obtain and release their locks according to whether or not transaction processing has been completed. In a first phase, the database management system collects the necessary data for the update: in a second phase, it updates the database. This means that the database can recover from incomplete transactions by repeatingeither of the appropriate phases. This technique can also be used in a distributed database system using a distributed scheduler arrangement.System failures can arise from the operating system and may result in corrupted storage. The main copy of the database is used for recovery from failures and communicates with a cached version that is used as the working version. In association with the logs, this allows the database to recover to a very specific point in the event of a system failure, either by removing the effects of incomplete transactions or applying the effects of completed transactions. Instead of having to recover the entire database after a failure, recovery can be made more efficient by the use of check pointing. It is used during normal operations to write additional updated information - such as logs, before-images of incomplete transactions, after-images of completed transactions - to the main database which reduces the amount of work needed for recovery. Recovery from failures in distributed systems is more complicated, since a single logical action is executed at different physical sites and the prospect of partial failure arises.Logical integrity, at field level and for the entire database, is addressed by the use of monitors to check important items such as input ranges, states and transitions. Error-correcting and error-detecting codes are also used.Security ModelsVarious security models exist that address different aspects of security in operating systems and database management systems. For example, theBell-LaPadula model defines security in terms of mandatory access control and addresses confidentiality only. The Bell LaPadula models, and other models including the Biba model for integrity, are described more fully in [Cast95] and [Pfle89]. These models are implementation-independent and provide a powerfulinsight into the properties of secure systems, lead to design policies and principles, and some form the basis for security evaluation criteria.Web Server SecurityWeb servers are now one of the most common interfaces between users and back-end databases, and as such, their security becomes increasingly important. Exploitation of vulnerabilities in the web server can lead to unforeseen attacks on middleware and backend databases, bypassing any controls that may be in place. In this section, we focus on common web server vulnerabilities and how the authentication requirements of web servers and databases are met.In general, a web server platform should not be shared with other applications and should be the only machine allowed to access the database. Using a firewall can provide additional security - either between the web server and users or between the web server and back-end database - and often the web server is placed on a de-militarized zone (DMZ) of a firewall. While firewalls can be used to block certain incoming connections, they must allow HTTP (and HTTPS) connections through to the web server, and so attacks can still be launched via the ports associated with these connections.VulnerabilitiesVulnerabilities appear on a weekly basis and, here, we prefer to focus on some general issues rather than specific attacks. Common web server vulnerabilities include:• No policy exists.• The default configuration is on.• Reusable passwords appear in clear.• Unnecessary ports available for network services are not disabled.• New security holes are not tracked. Even if they are, well-known vulnerabilities are not always fixed as the source code patches are not applied by system administrator and old programs are not re-compiled or removed.• Security tools are not used to scan the network for weaknesses and changes or to detect intrusions.• Faulty and buggy software - for example, buffer overflow and stack smashingAttacks• Automatic directory listings - this is of particular concern for the interface software directories.• Server root files are generally visible or accessible.• Lack of logs and bac kups.• File access is often not explicitly configured by the system administrator according to the security policy. This applies to configuration, client, administration and log files, administration programs, and CGI program sources and executables. CGI scripts allow dynamic web pages and make program development (in, for example, Perl) easy and rapid. However, their successful exploitation may allow execution of malicious programs, launching ofdenial-of-service attacks and, ultimately, privilege escalation on a server.Web Server and Database AuthenticationWhile user, browser and web server authentication are relatively well understood [Garf97], [Ghos98] and [Tree98], the introduction of additional components, such as databases and middleware, raise a number of authentication issues. There are a variety of options for authentication in a simple model (Figure 1). Firstly, both the web server and database management system can individually authenticate a user. This option requires the user to authenticatetwice which may be unacceptable in certain applications, although a singlesign-on device (which aims to manage authentication in a user-transparent way) may help. Secondly, a common approach is for the database to automatically grant user access based on web server authentication. However, this option should only be used for accessing publicly available information. Finally, the database may grant user access employing the web server authentication credentials as a basis for its own user authentication, using security management subsystems (Figure 1). We consider this last option in more detail.Web-based communications use the stateless HTTP protocol with the implication that state, and hence authentication, is not preserved when browsing successive web pages. Cookies, or files placed on user’s machine by a web server, were developed as a means of addressing this issue and are often used to provide authentication. However, after initial authentication, there is typically no re authentication per page in the same realm, only the use of unencrypted cookies (sometimes in association with IP addresses). This approach provides limited security as both cookies and IP addresses can be tampered with or spoofed.A stronger authentication method, commonly used by commercial implementations, uses digitally signed cookies. This allows additional systems, such as databases, to use digitally signed cookie data, including a session ID, as a basis for authentication. When a user has been authenticated by a web server (using a password, for example), a session ID is assigned and is stored in a security management subsystem database. When a user subsequently requests information from a database, the database receives a copy of the session ID, the security management subsystem checks this session ID against its local copy and, if authentication is successful, user access is granted to the database.The session ID is typically transmitted in the clear between the web server and database, but may be protected by SSL or even by physical security measures. The communications between the browser and web servers, and the web servers and security management subsystem (and its databases), are normally protected by SSL and use a web server security API that is used to digitally sign and verify browser cookies. The communications between the back-end databases and security management subsystem (and its databases) are also normally protected by SSL and use a database security API that verifies session Ids originating from the database and provides additional user authorization credentials. The web server security API is generally proprietary while, for the database security API, many vendors have adopted standards such as the Generic Security Services API (GSS-API) or CORBA [RFC2078] and [Corba].Architecture and DesignSecurity requirements for designing, building and implementing databases are important so that the systems, as part of the overall infrastructure, meet their requirements in actual operation. The various security models provide an important insight into the design requirements for databases and their management systems.Secure Database Management System ArchitecturesIn multi-level database management systems, a variety of architectures are possible: trusted subject, integrity locked, kernels and replicated. Trusted subject is used by most of the leading database management system vendors and can be integrated in existing products. Basically, the trusted subject architecture allows users to access a database via an un trusted front-end, a trusted database management system and trusted operating system. The operating systemprovides physical access to the database and the database management system provides multilevel object protection.The other architectures - integrity locked, kernels and replicated - all vary in detail, but they use a trusted front-end and an un trusted database management system. For details of these architectures and research prototypes, the reader is referred to [Cast95]. Different architectures are suited to different environments: for example, the trusted subject architecture is less integrated with the underlying operating system and is best suited when a trusted path can be assured between applications and the database management system.Secure Database Management System DesignAs discussed above, there are several fundamental differences between operating system and database management system design, including object granularity, multiple data types, data correlations and multi-level transactions. Other differences include the fact that database management systems include both physical and logical objects and that the database lifecycle is normally longer.These differences must be reflected in the design requirements which include:• Access, flow and infer ence controls.• Access granularity and modes.• Dynamic authorization.• Multi-level protection.• Polyinstantiation.• Auditing.• Performance.These requirements should be considered alongside basic information integrity principles, such as:• Well-formed transactions - to ensure that transactions are correct and consistent.• Continuity of operation - to ensure that data can be properly recovered, depending on the extent of a disaster.• Authorization and role management – to ensure that distinct roles are defined and users are authorized.• Authenticated users - to ensure that users are authenticated.• Least privilege - to ensure that users have the minimal privilege necessary to perform their tasks.• Separation of duties - to ensure that no single individual has access to critical data.• Delegation of authority - to ensure that the database management system policies are flexible enough to meet the organization’s requirements.Of course, some of these requirements and principles are not met by the database management system, but by the operating system and also by organizational and procedural measures.Database Design MethodologyVarious approaches to design exist, but most contain the same main stages. The principle aim of a design methodology is to provide a robust, verifiable design process and also to separate policies from how policies are actually implemented. An important requirement during any design process is that different design aspects can be merged and this equally applies to security.A preliminary analysis should be conducted that addresses the system risks, environment, existing products and performance. Requirements should then beanalyzed with respect to the results of a risk assessment. Security policies should be developed that include specification of granularity, privileges and authority.These policies and requirements form the input to the conceptual design that concentrates on subjects, objects and access modes without considering implementation details. Its purpose is to express information and process flows in a complete and consistent way.The logical design takes into account the operating system and database management system that will be used and which of the security requirements can be provided by which mechanisms. The physical design considers the actual physical realization of the logical design and, indeed, may result in a revision of the conceptual and logical phases due to physical constraints.Security AssuranceOnce a product has been developed, its security assurance can be assessed by a number of methods including formal verification, validation, penetration testing and certification. For example, if a database is to be certified as TCSEC Class B1, then it must implement the Bell-LaPadula mandatory access control model in which each controlled object in the database must be labeled with a security level.Most of these methods can be costly and lengthy to perform and are typically specific to particular hardware and software configurations. However, the international Common Criteria certification scheme provides the added benefit of a mutual recognition arrangement, thus avoiding the prospect of multiple certifications in different countries.ConclusionThis article has considered some of the security principles that are associated with databases and how these apply in a web based environment. Ithas also focused on important architecture and design principles. These principles have focused mainly on the prevention, assurance and recovery aspects, but other aspects, such as detection, are equally important in formulating a total information protection strategy. For example, host-based intrusion detection systems as well as a robust and tested set of business recovery procedures should be considered.Any fit-for-purpose, secure e-business infrastructure should address all the above aspects: prevention, assurance, detection and recovery. Certain industries are now starting to specify their own set of global, secure e-business requirements. International card payment associations have recently started to require minimum information security standards from electronic commerce merchants handling credit card data, to help manage fraud losses and associated impacts such as brand-image damage and loss of consumer confidence.网络环境下的数据库安全简介数据库在政府部门和商业机构得到普遍应用已经很多年了。

金融专业外文翻译-----电子银行的风险管理外文翻译原文RISK MANAGEMENT OF E-BANKING ACTIVITIESMaterial Source: University Galati, Economic Science FacultyAuthor: Virlanuta Florina，Moga Liliana，Ioan Viorica1. E-banking risksE-banking is defined as the automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels. E-banking includes the systems that enable financial institution customers, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network,including the Internet or mobile phone. Customers access e-banking services using an intelligent electronic device, such as a personal computer (PC), personal digital assistant (PDA), automated teller machine(ATM), kiosk, or Touch Tone telephone.In Romania, over 23 banks implemented and offer now e-banking services. The continuous development of the supporting technology, information security and e-banking strategy reflects on the increasing number of the e-banking customers. According to Communications and Information Technologies Ministry, the number of e-banking users and the transactions performed in this system, as well as the value of these transactions, registered a spectacular rising,2004 2005 2006 2007YearIndex18.259 44.538 100.799 187.471E-bankingcustomersTransactions1.968.1702.244.0673.546.5494.851.427 number7.911.987.706 11.566.348.720 20.510.170.662 44.830.322.635 Transactionsvalue (euro)Source: Communications and Information Technologies MinistryWhile the risks and controls are similar for the various e-banking access channels, this essay focuses specifically on Internet-based services due to the Internet’s widely accessible public network Accordingly, this project begins with a discussion of the two primary types of Internet websites: informational and transactional. Informational websites provide customers access to general information about the financial institution and its products or services.Risk issues examiners should consider when reviewing informational websites include: Potential access to confidential financial institution or customer information if the website is not properly isolated from the financial institution’s internal network; Potential liability for spreading viruses and other malicious code to computers communicating with the institution’s website; and Negative public perception if the institution’s on-line services are disrupted or if its website is defaced or otherwise presents inappropriate or offensive material.Transactional websites provide customers with the ability to conduct transactions through the financial institution’s website by initiating banking transactions or buying products and services. Banking transactions can range from something as basic as a retail account balance inquiry to a large business-to business funds transfer. E-banking services, like those delivered through other delivery channels, are typically classified based on the type of customer they support. The following table lists some of the common retail and wholesale e-banking services offered by financial institutions.Since transactional websites typically enable the electronic exchange of confidential customer information and the transfer of funds, services provided through these websites expose a financial institution to higher risk than basic informational websites. Wholesale e-banking systems typically expose financial institutions to the highest risk per transaction, since commercial transactions usually involve larger dollar amounts. In addition to the risk issues associated with informational websites, examiners reviewing transactional ebanking services should consider the following issues:—— Security controls for safeguarding customer information;—— Liability for unauthorized transactions;——Possible violations of laws or regulations pertaining to consumer privacy, anti-money laundering, anti-terrorism, or the content, timing, or delivery of required consumer disclosures.2. Transaction riskTransaction risk arises from fraud, processing errors, system disruptions, or other unanticipated events resulting in the institution’s inability to deliver products or services. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution’s processing environment, including the types of services offered and the complexity of the processes and supporting technology.In most instances, e-banking activities will increase the complexity of the institution’s activities and the quantity of its transaction/operations risk, especially if the institution is offering innovative services that have not been standardized. Since customers expect e-banking services to be available 24 hours a day, 7 days a week, financial institutions should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability. Even institutions that do not consider e-banking a critical financial service due to the availability of alternate processing channels, should carefully consider customer expectations and the potential impact of service disruptions on customer satisfaction and loyalty.The key to controlling transaction risk lies in adapting effective polices, procedures, and controls to meet the new risk exposures introduced by e-banking. Basic internal controls including segregation of duties, dual controls, and reconcilements remain important. Information security controls, in particular, become more significant requiring additional processes, tools, expertise, and testing. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level.Generally, a financial institution’s credit risk is not increased by the mere fact that a loan is originated through an e-banking channel. However, management should consider additional precautions when originating and approving loans electronically, including assuring management information systems effectively track the performance of portfolios originated through e-banking channels.Funding and investment-related risks could increase with an institution’s e-banking initiatives depending on the volatility and pricing of the acquired deposits. The Internet provides institutions with the ability to market theirproducts and services globally. Internet-based advertising programs can effectively match yield-focused investors with potentially high-yielding deposits. But Internet-originated deposits have the potential to attract customers who focus exclusively on rates and may provide a funding source with risk characteristics similar to brokered deposits. An institution can control this potential volatility and expanded geographic reach through its deposit contract and account opening practices, which might involve face-to face meetings or the exchange of paper correspondence.Compliance and legal issues arise out of the rapid growth in usage of e-banking and the differences between electronic and paper-based processes. E-banking is a new delivery channel where the laws and rules governing the electronic delivery of certain financial institution products or services may be ambiguous or still evolving. Laws governing consumer transactions require specific types of disclosures, notices, or record keeping requirements. These requirements also apply to e-banking, and banking agencies continue to update consumer laws and regulations to reflect the impact of e-banking and on-line customer relationships.Institutions that offer e-banking services, both informational and transactional, assume a higher level of compliance risk because of the changing nature of the technology, the speed at which errors can be replicated, and the frequency of regulatory changes to address e-banking issues. The potential for violations is further heightened by the need to ensure consistency between paper and electronic advertisements, disclosures, and notices.3. Risk managementE-banking has unique characteristics that may increase an institution’s overall risk profile and the level of risks associated with traditional financial services, particularly strategic, operational, legal, and reputation risks. These unique e-banking characteristics include: Speed of technological change, Increased visibility of publicly accessible networks, Less face-to-face interaction with financial institution customers. Management should review each of the processes discussed in this section to adapt and expand the institution’s risk management practices as necessary to address the risks posed by e-banking activities.Financial institution management should choose the level of e-banking services provided to various customer segments based on customer needs andthe institution’s risk assessment considerations. Institutions should reach this decision through a board-approved, e-banking strategy that considers factors such as customer demand, competition, expertise, implementation expense, maintenance costs, and capital support. Some institutions may choose not to provide e-banking services or to limit e-banking services to an informational website.Financial institutions should periodically re-evaluate this decision to ensure it remains appropriate for the institution’s overall business strategy. Institutions may define success in many ways including growth in market share, expanding customer relationships, expense reduction, or new revenue generation. If the financial institution determines that a transactional website is appropriate, the next decision is the range of products and services to make available electronically to its customers. To deliver those products and services, the financial institution may have more than one website or multiple pages within a website for various business lines.Financial institutions should base any decision to implement e-banking products and services on a thorough analysis of the costs and benefits associated with such action. Some of the reasons institutions offer e-banking services include: Lower operating costs, Increased customer demand for services, and New revenue opportunities.The individuals conducting the cost-benefit analysis should clearly understand the risks associated with ebanking so that cost considerations fully incorporate appropriate risk mitigation controls. Without such expertise, the cost-benefit analysis will most likely underestimate the time and resources needed to properly oversee e-banking activities, particularly the level of technical expertise needed to provide competent oversight of in-house or outsourced activities.Security threats can affect a financial institution through numerous vulnerabilities. No single control or security device can adequately protect a system connected to a public network. Effective information security comes only from establishing layers of various control, monitoring, and testing methods. While the details of any control and the effectiveness of risk mitigation depend on many factors, in general, each financial institution with external connectivity should ensure the following controls exist internally or at their TSP.ConclusionsA financ ial institution’s board and management should understand the risks associated with e-banking services and evaluate the resulting risk management costs against the potential return on investment prior to offering e-banking services. Poor e-banking planning and investment decisions can increase a financial institution’s strategic risk. Early adopters of new e-banking services can establish themselves as innovators who anticipate the needs of their customers, but may do so by incurring higher costs and increased complexity in their operations. Conversely, late adopters may be able to avoid the higher expense and added complexity, but do so at the risk of not meeting customer demand for additional products and services. In managing the strategic risk associated with e-banking services, financial institutions should develop clearly defined e-banking objectives by which the institution can evaluate the success of its ebanking strategy.译文电子银行的风险管理资料来源:加拉茨大学经济科学系作者：Virlanuta Florina，Moga Liliana，Ioan Viorica1风险管理的电子银行业务电子银行定义为将传统银行产品通过电子渠道，并直接向客户提供互动服务的的新的自动交付服务。

文献出处：Florina V, Liliana M, Viorica I. RISK MANAGEMENT OF E-BANKING ACTIVI TIES[J]. Annals of the University of Oradea, Economic Science Series, 2013, 17(3).原文RISK MANAGEMENT OF E-BANKINGACTIVITIESSummary: E-banking risk arises from fraud, processing errors, system disruptions, or other unanticipated events resulting in the institution’s inability to deliver products or services. This risk exists in each product and service offered. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level.Keywords: e-banking, risk management, security1. E-banking risks1. E-banking risksE-banking is defined as the automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels. E-banking includes the systems that enable financial institution customers, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network,including the Internet or mobile phone. Customers access e-banking services using an intelligent electronic device, such as a personal computer (PC), personal digital assistant (PDA), automated teller machine(ATM), kiosk, or Touch Tone telephone.In Romania, over 23 banks implemented and offer now e-banking services. The continuous development of the supporting technology, information security and e-banking strategy reflects on the increasing number of the e-banking customers. According to Communications and Information Technologies Ministry, the number of e-banking users and the transactions performed in this system, as well as the value of these transactions, registered a spectacular rising, displayed in the graphicsbelow:While the risks and controls are similar for the various e-banking access channels, this essay focuses specifically on Internet-based services due to the Internet’s widely accessible public network Accordingly, this project begins with a discussion of the two primary types of Internet websites: informational and transactional. Informational websites provide customers access to general information about the financial institution and its products or services.Risk issues examiners should consider when reviewing informational websites include: Potential access to confidential financial institution or customer information if the website is not p roperly isolated from the financial institution’s internal network; Potential liability for spreading viruses and other malicious code to computers communicating with the institution’s website; and Negative public perception if the institution’s on-line services are disrupted or if its website is defaced or otherwise presents inappropriate or offensive material.Transactional websites provide customers with the ability to conduct transactions through the financial institution’s website by initiating banking transactions or buying products and services. Banking transactions can range from something as basic as a retail account balance inquiry to a large business-to business funds transfer. E-banking services, like those delivered through other delivery channels, are typically classified based on the type of customer they support. The following table lists some of the common retail and wholesale e-banking services offered by financial institutions.Since transactional websites typically enable the electronic exchange of confidential customer information and the transfer of funds, services provided through these websites expose a financial institution to higher risk than basic informational websites. Wholesale e-banking systems typically expose financial institutions to the highest risk per transaction, since commercial transactions usually involve larger dollar amounts. In addition to the risk issues associated with informational websites, examiners reviewing transactional ebanking services should consider the following issues:—— Security controls for safeguarding customer information;—— Liability for unauthorized transactions;—— Possible violations of laws or regulations pertaining to consumer privacy, anti-money laundering, anti-terrorism, or the content, timing, or delivery of required consumer disclosures.2. Transaction riskTransaction risk arises from fraud, processing errors, system disruptions, or other unanticipated events resulting in the institution’s inability to deliver products or services. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution’s processing environment, including the types of services offered and the complexity of the processes and supporting technology.In most instances, e-banking activities will increase the complexity of the institution’s activities and the quantity of its transaction/operations risk, especially if the institution is offering innovative services that have not been standardized. Since customers expect e-banking services to be available 24 hours a day, 7 days a week, financial institutions should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability. Even institutions that do not consider e-banking a critical financial service due to the availability of alternate processing channels, should carefully consider customer expectations and the potential impact of service disruptions on customer satisfaction and loyalty.The key to controlling transaction risk lies in adapting effective polices, procedures, and controls to meet the new risk exposures introduced by e-banking. Basic internal controls including segregation of duties, dual controls, and reconcilements remain important. Information security controls, in particular, become more significant requiring additional processes, tools, expertise, and testing. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level.Generally, a financial institution’s credit risk is not increased by the mere fact that a loan is originated through an e-banking channel. However, management should consider additional precautions when originating and approving loans electronically, including assuring management information systems effectively track the performance of portfolios originated through e-banking channels.Funding and investment-related risks could increase with an institution’s e-banking initiatives depending on the volatility and pricing of the acquired deposits. The Internet provides institutions with the ability to market their products and services globally. Internet-based advertising programs can effectively match yield-focused investors with potentially high-yielding deposits. But Internet-originated deposits have the potential to attract customers who focusexclusively on rates and may provide a funding source with risk characteristics similar to brokered deposits. An institution can control this potential volatility and expanded geographic reach through its deposit contract and account opening practices, which might involve face-to face meetings or the exchange of paper correspondence.Compliance and legal issues arise out of the rapid growth in usage of e-banking and the differences between electronic and paper-based processes. E-banking is a new delivery channel where the laws and rules governing the electronic delivery of certain financial institution products or services may be ambiguous or still evolving. Laws governing consumer transactions require specific types of disclosures, notices, or record keeping requirements. These requirements also apply to e-banking, and banking agencies continue to update consumer laws and regulations to reflect the impact of e-banking and on-line customer relationships.Institutions that offer e-banking services, both informational and transactional, assume a higher level of compliance risk because of the changing nature of the technology, the speed at which errors can be replicated, and the frequency of regulatory changes to address e-banking issues. The potential for violations is further heightened by the need to ensure consistency between paper and electronic advertisements, disclosures, and notices.3. Risk managementE-banking has unique characteristics that may increase an institution’s overall risk profile and the level of risks associated with traditional financial services, particularly strategic, operational, legal, and reputation risks. These unique e-banking characteristics include: Speed of technological change, Increased visibility of publicly accessible networks, Less face-to-face interaction with financial institution customers. Management should review each of the processes discussed in this section to adapt and expand the institution’s risk management practices as necessary to address the risks posed by e-banking activities.Financial institution management should choose the level of e-banking services provided to various customer segments based on customer needs and the institution’s risk assessment considerations. Institutions should reach this decision through a board-approved, e-banking strategy that considers factors such as customer demand, competition, expertise, implementation expense, maintenance costs, and capital support. Some institutions may choose not to provide e-banking services or to limit e-banking services to an informational website.Financial institutions should periodically re-evaluate this decision to ensure it remains appropriate for the institution’s overall business strategy. Institutions may define success in many ways including growth in market share, expanding customer relationships, expense reduction, or new revenue generation. If the financial institution determines that a transactional website is appropriate, the next decision is the range of products and services to make available electronically to its customers. To deliver those products and services, the financial institution may have more than one website or multiple pages within a website for various business lines.Financial institutions should base any decision to implement e-banking products and services on a thorough analysis of the costs and benefits associated with such action. Some of the reasons institutions offer e-banking services include: Lower operating costs, Increased customer demand for services, and New revenue opportunities.The individuals conducting the cost-benefit analysis should clearly understand the risks associated with ebanking so that cost considerations fully incorporate appropriate risk mitigation controls. Without such expertise, the cost-benefit analysis will most likely underestimate the time and resources needed to properly oversee e-banking activities, particularly the level of technical expertise needed to provide competent oversight of in-house or outsourced activities.Security threats can affect a financial institution through numerous vulnerabilities. No single control or security device can adequately protect a system connected to a public network. Effective information security comes only from establishing layers of various control, monitoring, and testing methods. While the details of any control and the effectiveness of risk mitigation depend on many factors, in general, each financial institution with external connectivity should ensure the following controls exist internally or at their TSP.ConclusionsA financial institution’s board and m anagement should understand the risks associated with e-banking services and evaluate the resulting risk management costs against the potential return on investment prior to offering e-banking services. Poor e-banking planning and investment decisions can increase a financial institution’s strategic risk. Early adopters of new e-banking services can establish themselves as innovators who anticipate the needs of their customers, but may do so by incurring higher costs and increased complexity in their operations. Conversely, late adopters may be able to avoid the higher expense and added complexity, but do so at the riskof not meeting customer demand for additional products and services. In managing the strategic risk associated with e-banking services, financial institutions should develop clearly defined e-banking objectives by which the institution can evaluate the success of its ebanking strategy.译文电子银行的风险管理活动摘要:电子银行风险起因于欺诈、处理误差、系统中断或其他意外事件导致该机构无法提供产品或服务。

电子银行风险管理互联网金融外文文献翻译2013年3000多字E-banking has brought about a new set of risks for financial XXX risks include fraud。

processing errors。

system ns。

and other unforeseen events that can result in the XXX products or services。

It is XXX of the n to the customer and the n。

and to XXX.2.Risk management in e-bankingEffective risk management in e-XXX and analyzing potential risks。

XXX risks。

XXX.3.Security measures in e-bankingns should XXX controls。

n。

firewalls。

XXX systems。

and regular security testing and assessments.4.XXXXXX measures。

XXX passwords。

avoiding phishing scams。

XXX.5.nOverall。

effective risk management is essential for financial XXX。

ns XXX.XXX access accounts。

conduct ns。

and obtain n on financial products and services via public or private orks。

including the。

and mobile phones。

Customers can use us electronic devices。

本份文档包含：关于该选题的外文文献、文献综述一、外文文献标题: Online brokers lead the way for French internet finance作者: Caffard, Christophe期刊名称: International Financial Law Review卷: 20；期: 3；页: 20-24Online brokers lead the way for French internet finance1 Regulated brokersRegulated brokers are legal entities which have an investment services licence and are subject to the prudential regulations of the Comite de Reglementation Bancaire et Financiere (CRBF) and the Conseil des Marches Financiers (CMF).* Choice of legal form: regulated brokers are not required to be incorporated in a specific legal form; however, under article 13 of the MAF Law, the CECEI checks whether the legal form of the brokerage company is appropriate for providing investment services. In practice, any type of commercial company is admitted: societes de capitaux (limited companies) or societes de personnes (partnerships). The formalities of share transfer, tax and the scope of liability of a company's management will be relevant factors to the choice of legal form.* Application for an investment services licence from the CECEI: the most important part of the application is the description of the investment services, and a business plan including prospective financial statements for the following three years. The CMF will check whether the business plan is consistent with the investment services licence requested by the broker. The CECEI will ensure that the applicant's own initial funds are consistent with the business plan.The scope of the investment services licence is variable and covers one or more ofthe following investment services:Reception and transmission of orders to another investment services provider on behalf of investors, for execution. This is the core investment service provided by thebrokerage companies and, as such, a licence to provide this service is the minimum required for a brokerage company. Brokerage companies may request an investment services licence limited to the reception and transmission of orders. In this case, there will need to be a tripartite agreement between the investor, the broker and an investment services provider authorized to execute the orders of the investor. These single-- licensed brokerage companies are mere intermediaries remunerated by a commission paid by the investors. They are not entitled to benefit from the European passport under the ISD.Execution of such order other than for own account. This is defined as the execution of orders on behalf of a customer under the provision of an agency or a brokerage agreement. The brokerage company authorized to execute orders received from the investors offers a larger range of services with more potential. The broker with an investment services licence covering the execution of orders will be in charge of executing the final orders on the regulated markets, provided it is has been authorized as a market member. Unauthorized brokerage companies transmit the orders they have received to authorized market members. Authorized brokerage companies may offer investors a quasi-immediate execution of orders on the markets.Placing. This is the search for subscribers or purchasers on behalf of the issuer or seller of financial instruments. According to the CMF, in the case of a public offer of listed financial instruments placed by a market firm (for example on the Paris Stock Exchange or Nouveau March&), an online broker, which sells financial instruments online, is deemed to be providing his client with a reception-transmission of orders service and not a placing service. A placing service requires the broker to comply with capital adequacy ratios whenever it is associated with an underwriting commitment.Account-keeping, custody and clearing. These are not considered to be investment services, but assimilated services restricted to credit institutions or investment firms, and are subject to the CMF's General Regulations.CRBF regulators. CBF regulations subject brokerage companies to the following requirements: the minimum issued and paid-up share capital depends on the nature and number of investment services carried out; brokerage companies who offeraccount-keeping, custody and reception, transmission and execution of orders must have a minimum paid-up share capital of Ffrl million (about $160,000). This is reduced to Ffr350,000 when the brokerage company is not involved in account-keeping or custody services;* the minimum shareholder funds must be equal to the higher of- 25% of the overheads of the previous year, or overheads forecast in the business plan; and- the aggregate client positions divided by 150;* internal compliance procedures must be established; and* the brokerage company must comply with certain ratios relating to solvency and large exposure.Regulated brokers are also subject to the CMF's rules on the appointment of a compliance officer, information and advice for clients, mandatory clauses to be inserted in clients' agreements, professional cards required from certain employees and reporting requirements to the CMF.2 Non-regulated brokersNon-regulated brokers are sole agents appointed by an investment firm authorized by the CECEI, or an appropriate authority of an EU member state. Sole agents are nonregulated entities and are neither subject to the minimum capital and shareholder funds requirements nor to the CMF/CRBF regulations.Sole agents enter into investment services agreements with clients on behalf and in the name of their principal, who must be a regulated investment services provider. These agreements are binding on who is, as a general rule, solely liable visa-vis clients and the supervisory authorities (the CMF and/or the Bank of France). In this respect, the incorporation and activities of a sole agent brokerage is simpler, safer and cheaper than for regulated brokers. However, sole agents are fully dependent on the principal since they are not authorized to be appointed by more than one investment firm and if, for any reason, the mandate is cancelled or terminated, sole agents must stop any brokerage activity, unless they get a new mandate or are granted an investment service licence by the CECEI. Sole agents do not benefit from theEuropean passport under the ISD, as they are not considered to be investment firms. It is important to note that the sole agent does not own the brokerage business, since clients simply have a contractual relationship. This is why sole agent status is generally more suitable when the principal and agent are companies within the same group or with long-term common interests.French branches of EU investment service providersThe licence for an EU investment service provider allows it to set up branches in France, subject to authorization from the authorities of its home state.This procedure is much simpler and quicker than an application for an investment services licence with the CECEI. The other advantages of operating in France in this way are that a branch is not required to show an endowment capital in France, and that prudential ratios of the home state apply to the French branch.As a general rule under the ISD, the home state authorities retain jurisdiction over the branch in the home state, with the exception of the public policy rules, which will apply to the branches. In France, the regulation referred to below is considered to be a public policy rule with which French branches operating online brokerage services in France must comply.Regulations applicable to brokerage servicesThe offer of brokerage services and the provision of brokerage services are regulated by reference to the nature of the financial instruments offered online.The offer of brokerage servicesAdvertising / marketingThe advertising of financial instruments is heavily regulated when advertisements are included in a public offering process. In this case the advertisement is in the form of a prospectus, which must comply with COB regulations, which provide detailed requirements regarding the form and content of the prospectus. As a general rule, any other form of advertising in a public offering process must refer to the prospectus approved by the COB.* The marketing in France of financial instruments listed on a foreign market must comply with COB regulation no. 99-04. This provides that, before anytransaction, the broker must send his clients an information memorandum presenting the foreign market and the financial instruments dealt on that market. This may be sent to clients via the internet.Any advertising of operations on the foreign market must include certain mandatory information, including the identification of the legal entity which is soliciting French clients.As a general rule, the advertising of collective investment schemes is subject to regulation by the COB, which ensures that any advertisement is consistent with the notice d'information and with regulations applicable to collective investment schemes generally. SICA Vs and FCPs subject to COB regulation no. 89-02 may not be marketed until the management company has been notified of the COB's approval.However, any direct or indirect solicitation to invest in collective investment schemes subject to the simplified COB approval procedure (less formal because the scheme only targets professional investors), must contain a disclaimer informing investors that any subscription or transfer of shares or units, is restricted to qualified investors or investors whose initial investment is at least euro500,000 ($457,000) or (depending on the scheme) euro,30,000. The disclaimer must also mention that these collective investment schemes are not approved by the COB and adhere to specific investment rules.* The COB has issued guidelines no. 99-02 relating to the marketing and sale via the internet of i) collective investment scheme units or shares; and ii) discretionary mandates. These guidelines are not binding. Its purpose is to clarify certain aspects of the COB regulations which apply to collective investment schemes (management company and depositary) and to any information on financial instruments disclosed during a public offering. The COB is preparing new guidelines relating to financial advice and information disseminated via the internet.* COB regulations and recommendations are applicable to online brokers whenever financial instruments (listed or otherwise) are offered to the public.* Under the CMF's regulations, regulated brokers are bound to inform and advise their clients after having assessed their financial knowledge.* In any event, there is a prohibition on advertising units of investment funds which invest in futures markets (Article 23 of the law of 23/12/1988), or to market non-OECD financial instruments in France without the prior consent of the French Ministry of Economy.3 Canvassing lawUnder the law of 1972 relating to financial canvassing, canvassing consists of contacting potential clients by way of visits, letters, circulars and telephone calls to: i) induce them to subscribe, purchase, exchange or sell securities or participate in such operations; and ii) offer services and advice on a regular basis.The law of 1972 is not adapted to the internet and legislative reform in this field is awaited. The CMF, the COB and the CECEI consider that offers to provide e-banking and e-brokerage services would be treated in the same manner as offers of services or advice by way of letters, circulars or telephone calls.It is difficult to determine which information systems or practices will qualify as financial canvassing (and therefore regulated) or merely as financial advertising (and therefore permitted); the CECEI and the COB have not yet given any clear guidance on this question.According to a discussion and research paper on internet risk released by the Commission Bancaire (the supervisory arm of the Bank of France) in July 2000, advertising messages, including a link to the seller's site (in the case of banks) displayed on general purpose websites, or posting information, advice or offers on sites or news groups in the client's country, would be viewed as financial advertising and would not constitute financial canvassing.The Bank of France takes the view that in these examples there is no active solicitation of clients since they access the financial advertisements deliberately and of their own accord, as if visiting the premises of a bank.In contrast with these passive marketing techniques, sending messages to email addresses would be equated with sending letters and as such would qualify as canvassing, according to the Bank of France.In any case, before soliciting French customers, the brokerage company mustnotify the Bank of France (CECEI) of its intention to solicit such customers; and employees of the brokerage company must be granted a specific solicitation card by the French authorities. Any breach of this rule would constitute a criminal offence.4 Public offering regulationsPublic offering regulations are applicable whenever financial instruments are issued or transferred to the public in France, using advertising, canvassing, credit institutions or investment service providers. Public offerings are heavily regulated and are subject to a number of requirements, including prior approval by COB of a prospectus, filing with the Commercial Registry of the French translation of the issuer's constitutional documents, publication of a legal notice in the BALO and continuing information obligations.The public offering regulations apply to offers of both listed and unlisted financial instruments. In this respect, online brokers offering listed shares to the public are subject to public offering regulations and in particular COB Regulation no. 99-08, under which the online broker must comply with the following disclosure and advertising rules:* the preparation of a simplified prospectus which must be approved by the COB and made freely available to the public; and * any advertisement must refer to the simplified prospectus and specify how to obtain a copy.A private placement (as opposed to a public offering) is defined as the issue or transfer of financial instruments to qualified investors or to a restricted circle of investors.In order to ensure a private placement via the internet, it is necessary to restrict electronic access to the broker's website by passwords granted solely to qualified investors. It is also mandatory under COB Regulation No. 99-09 that a private placement disclaimer be displayed on the webpages of the broker's website. The disclaimer must mention that:* offering materials (advertisements, information memoranda, etc) have not been submitted to the COB for its approval;* qualified investors must participate in the private placement for their ownaccount;* any offer to the public of the financial instruments subscribed or purchased by the qualified investors in the private placement would be subject to public offering regulations; and* if the investors are members of a restricted circle of more than 100, they must certify that they are associated with the management of the issuer on a professional or a personal basis. The provision of online brokerage servicesRules of conduct applicable to online brokers Regulated brokers and principals of non-regulated brokers are investment service providers and are subject to the rules of conduct set out in its General Regulation. The CMF has issued General Decision no. 99-07 providing regulations and guidelines. It implements the CMF rules of conduct.As a general rule, the message must clearly identify the issuer of a message offering the service of reception or transmission of orders. In particular, the website must display the legal status of the broker and the investment service it is authorized to provide. Regulated brokers and non-regulated brokers must be clearly distinguished, and the latter must disclose the identity of their investment service provider whom they are asking as agent.If the online broker is not in charge of account-keeping and custody services, whoever is must be clearly identified. Before entering into a contract with any new client, theonline broker must verify the client's identity and domicile by requesting the following documents:a photocopy of a valid official identity document (passport, identity card, driving licence);* bank details; and* written evidence of address.The broker must send confirmation that he has received these documents and, in doing so, check the client's address. These formalities and verifications may not be carried out via the internet.Once the identity and domicile ofthe new client have been checked, the onlinebroker can provide investment services to his client where:* the client has signed an agreement relating to the evidential rules and procedures applicable to the reception of orders via the internet;* the funds or financial instruments have been credited to the client's account. This does not apply to the broker if it is not the account keeper or the custodian;* the broker has checked that its client may receive the information on the relevant financial instruments and risks via the internet; and* the broker must ensure that the client receives in advance more detailed information regarding operations involving financial instruments which do not correspond to the client's regular dealings.In cases where the broker is responsible for account-- keeping, it should operate an automated system monitoring the accounts of the client and freezing any order in the event of insufficient provision or margin cover.The CMF also recommends that this automated system should freeze any order sent by the client which does not comply with market regulations.Compliance with these rules of conduct raises problems when the broker's website is outsourced to a third party, which happens frequently. The authorities are concerned that brokers may lose control over the operation of their websites and would be unable to take any operational responsibility, while remaining liable. This is why the Commission Bancaire is considering imposing an obligation on investment firms and credit institutions providing online financial services, to monitor their outside internet service providers and/or software companies.5 Regulation of contracts entered Into by online brokersContracts with clients These are subject to the CMF regulations, and in particular to CMF General Decision no. 98-28 relating to the mandatory clauses which must be included in agreements entered into with clients. It came into force in June 2000 and any existing contract is required to be duly amended.The agreements must contain a clause setting out the identity of the client and its legal capacity. In particular, qualified investors must be identified among other legal entities as well as the investment services provided. The categories of financialinstruments and financial services must also be stated in the agreement. This is important since it is taken into account when determining whether the broker has properly assessed the skills of his client. In this respect, it is recommended that high-risk speculative and/or complex operations, such as operations on futures markets, be restricted to informed clients or to qualified investors.In practice, the online broker asks new clients to answer a questionnaire which acts as proof that the broker has fulfilled its obligations to assess the skills ofits client.The agreement must contain a confidentiality clause which is binding. In this respect, it is useful for the online broker to provide exceptions to this obligation so that information on clients can be centralized within a member ofthe same group of companies, or accessed by an outside software company.Contracts with other investment services providersThe number of contracts entered into by brokers with other investment service providers depends on the scope of its licence. Non-regulated brokers must enter into an exclusive mandate with a licensed investment service provider.Regulated brokers which are not market members or not licensed for the execution of orders must conclude a transmission of orders agreement with market members or other investment service providers.These contracts are not subject to the CMF General Decision no. 98-28 or to other specific regulations, with the exception of.* clearing agreements;* when a client gives a broker with whom he has an account an order for transmission to another non-resident institution with comparable status, the broker is forbidden from being remunerated in the form of hard commission (a commission rebate) by the institution to which the order has been transmitted; and* a non account-keeping broker receiving orders from a client for transmission to another institution may be remunerated in the form of a hard commission, provided that the broker informs the client when entering into contractual relations (and thereafter annually) of the terms and conditions and amount of the hard commission.Contracts entered into with software companiesThese contracts might at first appear to have regulatory implications. However, recent financial regulations applicable to e-- brokerage now have a direct bearing on implications for IT agreements.In practice, brokers must ensure that the operation of the website and the reception and transmission of software orders complies with the CMF General Decision and any other applicable regulations applicable. The upgrade clause of the IT agreement entered into with the software company should address the question of the software being upgraded in the event of changes to applicable regulations.It is also recommended that any outsourcing agreement contains a clause which sets out how the online broker monitors the operation of the outsourced website.二、文献综述互联网金融发展文献综述摘要互联网金融的快速发展成为近年来中国经济金融领域备受瞩目的重要现象，国内学术界讨论互联网金融的文献数量也急速膨胀，但目前尚缺少对与互联网金融相关的各类文献进行全面梳理的综述类论文。