2224
IT Development and the Separation of Banking and Commerce
merce into banking is laxer than the entry from
banking into commerce, and “one-way” regulation
is not confined to Japan but is common in many
countries; (3) There is tendency that revenue of
banks is recovered and that the banking sector is
developed with relaxation of restriction; (4) It is
often the case in the countries where restriction
on the scope of business conducted by banks is
lax that there are fewer nonperforming loans and
financial crises; in addition, the safety net including
deposit insurance is reduced.
However, Watanabe’s analysis raises some questions on the following
points, which are difficult to agree on: (1) Watanabe’s analysis doesn’t
consider the U.S., a developed country where restriction on the scope of
business conducted by banks is stern; (2) Watanabe’s analysis compared
only limited figures, including the ratio of minimal shareholding by
banks, banks’ ROA and ROE, and the ratio of nonperforming loans, when
forming a conclusion, and differences in banks’ power of industry
control, history and business practices are not considered. For example,
(a) it is not Japan but the U.S. where restriction on the scope of
business conducted by banks is extremely stern, (b) it is dangerous to
determine the level of entry only with the ratio of minimal shareholding
by banks and not considering individual circumstances, (c) it is doubtful
whether the general theory that relaxation of restriction on the scope of
business conducted by banks leads to revenue improvement can be applied
to this case in a situation where the synergy effect of banking and
commerce is realistically not so much expected, and (d) even though a
lack of nonperforming loans is related to easing of restrictions on the
scope of business conducted by banks, a causal linkage between few
nonperforming loans and relaxation of restriction on the scope of
business conducted by banks cannot be confirmed. Considering the points
mentioned, it seems that there is not enough material to consider prompt
revision of the law and that it is desirable to judge the time to be
right to revise the law while watching development of business
opportunities.
CONCLUSION
Now it is difficult to find a case in which a synergy effect could not be
achieved by a means other than a bank’s ownership of nonfinancial firms
through holding equity. Under these circumstances, it is not so unnatural
for the supervising authorities of both Japan and the U.S. to still worry
seriously about reducing the existing measures against risks. It seems
that there is not a strong necessity to ease regulations until such
cases, in which a synergy effect is fully achieved by a bank’s entry into
commerce, occur in Europe, where “two-way” regulation is adopted. If
banks in Japan and the U.S. want to actively seek the chance to achieve a
synergy effect, they have only to do it through their affiliate companies
in Europe. However, as the pace of change in the economic environment is
fast in the IT society, Japanese and American governments, from the
perspective of global competition, will have to work on developing
legislation quickly when they see the appearance of a field where some
synergy effect is expected. Therefore, it is important to continue
theoretical discussion.
FUTURE RESEARCH DIRECTIONS
Unlike European nations, separation between banking and commerce has been
maintained in Japan and the U.S. because, though managing both banking
and commerce (shareholding) has such advantages as (1) economies of
scale, (2) risk dispersal, and (3) smaller cost for consumers to collect
information (one-stop shopping), it also has such disadvantages as (1)
diseconomies of scale, (2) fear of control over industry, and (3) more
complexity and higher cost of financial supervision. Today, in light of
IT advancement and changes in the financial environment, demand for entry
has been increasing, from banking to commerce in Japan, and from commerce
to banking in the U.S. For instance, in Japan, the banking industry
claims that banks’ entry to commerce would not cause the above
disadvantages thanks to regulations requiring competition among banks,
market rules, and the arm’s length rule, and that banks’ dual operation
of real estate business, online-trade-related business, or personal
security finance business would produce a synergy effect which would also
benefit consumers. However, banks effectively can enter into commerce
without holding shares, and many are doubtful about the extent of the
claimed synergy effect. So, it is essential to measure and verify actual
advantages and disadvantages as much as possible to decide the degree of
deregulation of share-holding limits.
On the other hand, as the issue is closely connected with other issues
including IT advancement and Islamic finance development, future
environmental changes and political factors may affect the course of
separation of banking and commerce.
First, in online banking, the money economy
that does not go through the bank system is spread-
ing. For example, it is estimated that about one
trillion yen worth of points are issued annually in
Japan only; and in the market of RMT, exchange
of online game currency and real currency is said
to have expanded to over the 15 billion yen scale.
It means that commerce has already been running
a large part of the account settlement business,
which is in theory to be operated by banks, by
means of issuing points and game currency, thus
making a foray to banking business. Separation
rules of banking and commerce may be compelled
to approve the move.
Second, as Islamic finance grows, moves to invite the Islamic economy are
active in many nations worldwide, such as the United Kingdom, Singapore,
and Malaysia. Interest (riba) is prohibited in the Islamic economy and
commercial dealings (al-bay) are allowed instead of regular financing
operated by banks of other countries. Islamic banks operate murabaha,
which is purchase and resale of ordinary merchandise, and ijara, which is
similar to leasing. In case Japan or the U.S. invites Islamic banks and
grants them banking licenses, legal arrangements are needed to exempt
murabaha and other dealings of goods from bans on banks’ commercial
business operation. Separation rules of banking and commerce may face
revision in light of such moves.
REFERENCES
Brown, J. (2002). The separation of banking and commerce. GIS for Equitable and Sustainable Communities, last modified on October. Available at />sbc.html
Caprio, G., Levine, R. E., & Barth, J. R. (2001, November). Bank regulation and supervision: What works best? Policy Research Working Paper 2725. The World Bank. Available at the World Bank Web site.
Cocheo, S. (1997, October). What’s at stake with unitary thrifts? ABA Banking Journal. http://www.banking.com/aba/unitary_1097.asp
FRBSF. (1998, July 3). The separation of banking and commerce. Federal Reserve Bank of San Francisco (FRBSF) Economic Letter. Available at />yltr98/el98-21.html
Iwahara, S. (2003). Denshi Kessai to Hou (Electronic Payments and Law in Japanese). Yuuhikaku. p. 625.
Japanese Bankers Association. (2006). The banking system in Japan. Zenginkyo. p. 161 & p. 19.
Kaizuka, K., Kousai, Y., Nonaka, I. (Eds.). (1996). Nihon Keizai Jiten (Dictionary of Japanese Economy in Japanese). Nihon Keizai Shinbunsha. p. 1387.
Kinyu Chousa Kenkyu Kai (KCKK: Financial Research Study Group in Japanese). (2006, July). Kinyu No Conglomerate Ka Tou Ni Taiou Shita Kinyu Seido No Seibi. Creating A New Financial System. The Financial Research Study Group (Report No. 36). Original is in Japanese only.
Office of Thrift Supervision. (November). Historical framework for regulation of activities of unitary savings and loan holding companies. />
Seaman, R. (1998). English translation of Japanese banking law. (updated January 1998). http://www.japanlaw.info/banking/1981.htm
Umeda, A. (2006, April). Ginkou to Shougyou no one-way Kisei Ni Tsuite (Regarding “One-way” regulation of banking and commerce in Japanese). Mizuho Research Institute. p. 18.
Watanabe, T. (2006, July). Ginkou No Gyoumu Han-i Kisei Ni Tsuite (On Regulations of the Scope of Bank Business Activities in Japanese). Kinyu. pp. 3-11.
World Bank. (2000, 2003). Bank Regulation and Supervision: Finance and Private Sector Research.
ADDITIONAL READING
Munir, A. B. (2004). Internet banking: Law and practice. LexisNexis Butterworths.
Richmond Law & Tax Ltd. (2005). Financial Services Regulation in Europe. p. 760.
Scott, H. S. (2004). International finance: Law and regulation. Thomson Sweet & Maxwell.
Vernados, A. M. (2006). Islamic banking & finance in South East Asia (2nd ed.). World Scientific.
ENDNOTES
1. To maintain the soundness of banking, the Japanese Banking Act has the following regulations: Sections 10, 11, 12, and 52 (21) prohibit banks and bank holding companies from engaging in other business; Sections 16 (3) and 52 (23) restrict banks and bank holding companies from having subsidiaries and affiliates that engage in commerce; Sections 16 (3) and 52 (24) ban banks from having more than 5% and bank holding companies from having more than 15% of shares of commercial companies in total.
2. To promote free and fair competition, the Japanese Antimonopoly Code, Section 11 prohibits banks from having more than 5% of shares of commercial companies.
3. In the U.S., commercial companies obtaining more than 25% of bank shares are deemed to be “bank holding companies” and must separate nonfinancial businesses in principle. Banks cannot hold commercial companies’ shares and bank holding companies cannot have more than 5% of shares of commercial companies.
4. This technical term was first introduced in the financial research study conference held at the Japanese Bankers Association on March 10, 2006. See p. 3 of Kinyu Chousa Kenkyu Kai (2006).
5. Ibid.
6. Ibid.
7. In some major European countries, commercial companies can hold up to 100% of bank shares if they meet the requirements for major stockholders, and banks can also hold up to 100% of commercial companies’ shares if they meet the capital requirements.
8. The Clayton Antitrust Act of 1914, October 15, 1914, ch. 323, 38 Stat., codified at 15 U.S.C. §12-27, 29 U.S.C. §52, 29 U.S.C. §53.
9. 48 Stat. 162 (1933).
10. 12 USCS 1841-1850.
11. For details, see Office of Thrift Supervision (2006).
12. Pub. L. No. 106-102, 106th Cong., 1st Sess. (1999).
13. See pp. 61-63 at Japanese Bankers Association (2006).
14. See p. 37 at Kaizuka, K., Kousai, Y., Nonaka, I., Eds. (1996).
15. See p. 42 at Id.
16. See p. 37 at Id.
17. Though the Tokyo Watanabe Bank did not fail, the Minister of Finance, Mr. Kataoka, said by mistake that “the Tokyo Watanabe Bank failed at around noon today” in the Diet meeting on March 14, 1927. See p. 42 at Id.
18. See pp. 37-42 at Id. (1996).
19. Law No. 59 in 1981. For English translation of this law, see Seaman, R. (1998).
20. Article 4 of the Banking Law stipulates that none shall engage in banking unless licensed by the Prime Minister. To qualify for a license, the applicant must have a certain financial capacity, possess competent knowledge and experience to carry out banking business, and have adequate social credibility. See p. 64 at Japanese Bankers Association (2006).
21. See pp. 66-69 at Id.
22. According to p. at Id., “the Japanese Banking Law is unique in that it defines not only taking deposits but also fund transfers as typical bank business. The bulk of transfers are between deposit accounts for settlement purposes. It is a measure of the reliability of banks and the banking system that settlement, which occupies a vital position in the flow of funds, is entrusted only to banks and other depository financial institutions.”
23. For details, see Iwahara (2003).
24. For details, see pp. 17-18 and p. 40 at Japanese Bankers Association (2006).
25. For example, see Umeda, A. (2006).
26. This rule was first introduced in to ban transactions with the subsidiary that would prejudice the interest of the bank. With the 1998 amendments, the range of businesses open to bank subsidiaries and affiliates was expanded, and the scope of the arm’s length rule was extended. The 2001 amendments made major shareholders subject to this rule in step with the addition of the regulations on major shareholders. See article 13-2 and pp. 70-71 at the Japanese Bankers Association (2006).
27. For details, see Cocheo, S. (1997).
28. See World Bank (2000, 2003).
This work was previously published in Cyberlaw for Global E-business: Finance, Payments, and Dispute Resolution, edited
by T. Kubota, pp. 53-66, copyright 2008 by Information Science Reference (an imprint of IGI Global).
Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.
Chapter 7.17
Electronic Risk Management
Tapen Sinha
Instituto Tecnológico Autónomo de México, Mexico and University of Nottingham, UK
Bradly Condon
Instituto Tecnológico Autónomo de México, Mexico and Bond University, Australia
ABSTRACT
Doing business on the Internet has many op-
portunities along with many risks. This chapter
focuses on a series of risks of legal liability aris-
ing from e-mail and Internet activities that are
a common part of many e-businesses. Some of
the laws governing these electronic activities are
new and especially designed for the electronic
age, while others are more traditional laws whose
application to electronic activities is the novelty.
E-business not only exposes companies to new
types of liability risk, but also increases the po-
tential number of claims and the complexity of
dealing with those claims. The international nature
of the Internet, together with a lack of uniformity
of laws governing the same activities in different
countries, means that companies need to proceed
with caution.
INTRODUCTION
Within 48 hours after Katrina came ashore, a
number of Web sites cropped up claiming that
they are for hurricane relief. At the click of a
computer Web site, you could donate money for
the victims. Some of them even allowed you to
donate money through a Red Cross Web site.
Unfortunately, many of them turned out to be
fraudulent. When you thought you were going to
the Red Cross Web site, you would be taken to
a different one and your credit card information
would be stolen and sold to the highest bidder.
In the electronic parlance, this process is called
“phishing” (see Appendix for terminologies).
Electronic information transfer has become the backbone of our
information society. Therefore, it is not surprising that it has also
increased the risks coming from electronic sources. The main risk comes
from the Internet. For many businesses, and for many individuals, the
benefits of being connected to the Internet have increased so much that
not being connected to the Internet is no longer an option.
Companies who conduct transactions over electronic channels face a number
of risks. Some of these risks, such as viruses, flow from the nature of
modern technology. Others, such as theft, are age-old risks that have
taken on new twists in the electronic age. For example, banks transfer
huge amounts of money by wire, making them easy and lucrative targets for
fraud, extortion, and theft. Other financial institutions, such as credit
card companies, are prone to the same hazards. Software companies sell
their products in electronic format. Copying files and programs is easy
and cheap, making software companies particularly vulnerable to theft of
their products. Electronic retailers that do all of their business
online, such as Amazon.com, are subject to a wide array of electronic
risks associated with electronic money transfers and Web sites. However,
even bricks and mortar companies face numerous risks emanating from
(electronic) viruses, hackers, and the online activities of employees.
These legal and technological risks associated with e-business—which may
be referred to collectively as electronic or cyber risks—are the subject
of this chapter.
The aim of this chapter is to survey a broad
array of electronic risks that can cause their vic-
tims to lose money. It is beyond the scope of this
chapter to provide advice on how to manage each
and every one of these risks. Rather, this chapter
seeks to raise awareness of a variety of risks so
that readers will become conscious of the need
to develop electronic risk management strategies.
The best advice in this regard is to invest in expert
advice. For example, where litigation risk exists,
consult a lawyer early on regarding strategies
to adopt that will avoid litigation or minimize
the cost and risk of litigation should it become
unavoidable. Where loose lips increase risks,
develop strategies for managing the content of
correspondence, whether traditional or electronic,
such as educating and monitoring employees.
Where the problem is primarily a technical one,
invest in the necessary technology and expertise.
Finally, where insurance is available to manage
the financial risks associated with doing business
electronically, buy it.
A GLOBAL PROBLEM OF VIRUSES
Computer viruses have become synonymous with
electronic risk on a global scale. The method of
electronic infection has changed dramatically.
In 1996, e-mail attachments were responsible
for 9% of infections whereas 57% of infections
came from floppy disks. In infections
came from e-mail attachments and only 6% came
from floppy disks. By the rate of infections
from e-mail attachments had topped 99% of total
infections (Source: ICSA Labs Virus Prevalence
Survey, various years). As a result, in 1997, only
30% of all institutions used virus protection for
e-mails whereas by 2004, the use of virus pro-
tection had almost reached universality (ICSA
Labs Virus Prevalence Survey 2004, Figure 15).
However, the rise of the use of virus protection
has not reduced the rate of infection. Figure 1
shows how the rate of infection has changed over
a period of 9 years. Despite the near universal
use of antivirus software, the rate of infection
has increased more than eleven-fold. The biggest
jump in infection came between 1998 and 1999.
It has not decreased since (see Table 1).
The number of problems and the associated
cost of computer viruses have gone up steadily
over the past decade. DARPA created the Com-
puter Emergency Response Team Coordination
Center (CERT/CC) in November 1988 after the
Morris worm struck. It is a major
coordination center dealing with Internet secu-
rity problems run by the Software Engineering
Institute (SEI) at Carnegie Mellon University.
Table 1. Computer infection rates 1996-2004 (Source: ICSALabs.com)
Year Infection Rate per 1,000 Computers
1996 10
1997 21
1998 32
1999 80
2000 90
2001 103
2002 105
2003 108
2004 116
Table 2. Number of incidents reported by CERT 1995-2003 (Source: )
Year No. of Incidents
1995 2,412
1996 2,573
1997 2,134
1998 3,374
1999 9,859
2000 21,756
2001 52,658
2002 82,094
2003 137,529
Table 3. Annual financial impact of major virus attacks (Source: http://www.computereconomics.com)
Year Worldwide Economic Impact (US$)
2003 $13.5 Billion
2002 11.1 Billion
2001 13.2 Billion
2000 17.1 Billion
1999 12.1 Billion
1998 6.1 Billion
1997 3.3 Billion
1996 1.8 Billion
1995 500 Million
Note: A CERT “incident” may involve one, hundreds, or thousands of sites. Some incidents may involve ongoing activity
for long periods of time.
CERT/CC has compiled a comprehensive list of
security “incidents” that have occurred since
(see Table 2). The trend is showing an exponential
rise of such incidents over time.
How much do such viruses cost the world?
Estimates are available for 1995-2003. They show
that the cost went up quite rapidly between 1995
and 2000, but then there was no clear increase over
time. One reason for such a recent slowdown is
the widespread use of antivirus programs imple-
mented by businesses as well as individuals.
The damage caused by computer viruses is not uniform across all viruses.
A few viruses (and their variants) cause most of the damage. The
undisputed world champion was a virus codenamed ILOVEU (see Table 4). It
was created by a person in the Philippines. Yet, the most damage it
caused was in the developed world. It propagated during the weekend of
February 2000 around St. Valentine’s Day. The biggest recent attack, in
August 2005, was caused by a worm code named Zotob. It took out the
computer system of CNN live. It spread through the entire Internet over
the weekend. Within 2 weeks, the police in Morocco arrested an
18-year-old as the main coder of the worm at the request of the Federal
Bureau of Investigation. However, given that there is no extradition
treaty in these matters between the United States and Morocco, it is
highly unlikely that the person would be extradited to the United States.
THE SPAM-VIRUS NEXUS
Being connected to the rest of the world through the Internet in general,
and through e-mails in particular, has a cost. The cost comes in the form
of spam. Spam is unsolicited e-mail. The problem of spam has become
extremely large. In July 2004, spam accounted for more than 95% of all
e-mails (see Figure 1). MessageLabs published a report in in which it
noted that “more than of global spam originates from fewer than 200 known
spammers in the USA. Many are based in the small town of Boca Raton in
Florida, one of three states in the U.S. which have no spam
legislation in place” (Source: -
sageLabs.com). In addition to being a nuisance,
Table 4. Financial impact of major virus attacks since 1999 (Source: putereconomics.
com)
Year Code Name Worldwide Financial Impact ($US)
2004 MyDoom $4.0 Billion
2003 SoBig.F 2.5 Billion
2003 Slammer 1.5 Billion
2003 Blaster 750 Million
2003 Nachi 500 Million
2002 Klez 750 Million
2002 BugBear 500 Million
2002 Badtrans 400 Million
2001 CodeRed 2.75 Billion
2001 Nimda 1.5 Billion
2001 SirCam 1.25 Billion
2000 ILOVEU 8.75 Billion
1999 Melissa 1.5 Billion
1999 Explorer 1.1 Billion
spam also represents a big source of electronic
risk. Among the devastating viruses, SoBig.F (see
Table 4) spread mainly through spam. Thus, spam
can not only be a nuisance by itself, but can also
carry a payload of viruses.
Figure 1 suggests that some electronic risks
can be diminished with adequate legal protection.
However, there are limits to what can be achieved
through the enactment of new criminal and civil
laws to deal with illicit electronic activities, just
as there are limits to what the law can achieve
more generally. Civil litigation is an expensive and
uncertain process. Judgments can be difficult to
enforce against defendants that are determined to
avoid payment. Criminal laws have not eliminated
crime. The global nature of the Internet means
that laws have to be coordinated and enforced
across international borders, introducing further
complications. As a result, managing electronic
risk requires a blend of risk reduction and legal
strategies.
A Catalog of Risks and Legal
Problems
The most common electronic risks are the follow-
ing: (1) business interruptions caused by hackers,
cyberthieves, viruses, and internal saboteurs; (2)
employer liability stemming from the inappro-
priate employee use of e-mail and Internet; (3)
claims that products and services advertised on
the Web fail to deliver; (4) Web-related copyright
and trademark lawsuits; (5) patent infringement
costs; (6) fraud-extortion hybrid.
General Legal Issues
Given the international scope of cyberspace, several general legal issues
arise. The first is how to address conflicts between the laws of
different jurisdictions. Whose law governs when the parties involved live
in different countries and the transaction occurs in cyberspace? Many Web
sites now use online contracts that specifically provide whose law will
govern the transaction.
These online contracts generally require the user
to click their agreement with the terms of the
contract before they are allowed to proceed with
the transaction.
A related issue is choice of forum. Where do you sue for breach of
contract? Many online contracts also provide the answer to this question.
However, where there is no contract involved, such as in cases of fraud
or negligence, the issues of conflict of laws and choice of forum may not
have clear answers. Moreover, the choice of forum that is of the most
benefit to the party who is suing for damages will be the jurisdiction in
which the assets are located that will serve to satisfy any award for
damages. Alternatively, the plaintiff may prefer to sue in its own
jurisdiction due to convenience or familiarity with the system.
Figure 1. Spam has become a huge segment of e-mails (vertical axis: spams as a percent of total e-mails, 0% to 100%; horizontal axis: month-year, 6-03 to 9-05; annotations: high profile legal actions in U.S., Directive 2002/58/EC, CAN-SPAM legislation)
If a plaintiff chooses to sue in a particular
jurisdiction, that does not resolve the matter. In
each jurisdiction, courts apply their own rules to
determine whether to exercise jurisdiction over
the defendant in a given case. For example, many
U.S. courts base the decision to accept jurisdic-
tion in Internet transactions on the nature and
quality of the commercial activity. If a foreign
defendant enters into contracts with residents in
the jurisdiction that involve knowing and repeated
WUDQVPLVVLRQRIFRPSXWHU¿OHVRYHUWKH,QWHUQHW
the court will accept jurisdiction. On the other
hand, if the defendant merely operates a passive
Web site that posts information that is accessible
to users in other jurisdictions, the court will not
exercise jurisdiction (Gasparini, 2001).
One crucial question is, who do you sue? In
cases involving employees, it is generally wise
to sue both the individual and the employer. In
determining who to sue, several questions must
be considered. Who has liability? Who has assets
that can be seized to satisfy a judgment award-
ing damages? Where are the assets? What is the
procedure to seize the assets in the jurisdiction
in which they are located? Are the assets acces-
sible? For example, are they held in the name of
the responsible person and in a jurisdiction where
the judgment can be enforced? In some jurisdic-
tions, enforcing judgments may be problematic.
For example, in Mexico, bank secrecy laws may
prevent a determination of what assets are avail-
able to satisfy a judgment. In addition, enforcing
the judgments of courts from one country in a
second country can be problematic where the
second country has no procedure for recognizing
the awards of foreign courts.
Another important consideration is litigation
risk. Litigation is costly and the outcome is un-
certain. Even if the plaintiff secures judgment in
his favor, enforcement may not be possible. If the
party claiming damages is not able to collect from
the guilty party, the cost of litigation is wasted.
This leads to another important question. Is the
guilty party insured? Does the insurance contract
provide coverage for actions that generated legal
liability? Should it?
BUSINESS INTERRUPTIONS
Any kind of business interruption is costly. It
can increase cost of doing business or reduce
revenue or both. It does not matter if it stems from
strikes, fire, power failure, hackers, or saboteurs.
Electronic risk is increasingly becoming a bigger
threat to business.
For example, a hacker overwhelmed several
large Web sites through multiple distributed de-
nial-of-service (DDOS) attacks. The culprit hi-
jacked various computers throughout the world to
bombard target servers with seemingly legitimate
requests for data. It is estimated that the DDOS
attacks, which interrupted the sites’ ability to
efficiently conduct their business, caused over
$1.2 billion in lost business income. (http://www.
insurenewmedia.com/html/claimsexample.htm)
This raises several legal issues. The denial of
service that occurs when the server fails could
expose the business to claims for damages for
breach of contract from clients. In the contract,
the server agrees to provide the service. If the
interruption of service causes financial loss, for
example, due to lost business, the administrator
of the server may be liable for the loss. Liability
will depend on the terms of each contract. For
example, if a force majeure clause excuses the
server from performing the contract in the event
of power outages or hacker attacks, there will be
no liability.
The denial of service could also give rise to
a claim for damages based on the negligence of
the server administrator. Where the server can