P2P金融风险管控中英文对照外文翻译文献

金融体系中英文对照外文翻译文献(文档含英文原文和中文翻译)Comparative Financial Systems1 What is a Financial System?The purpose of a financial system is to channel funds from agents with surpluses to agents with deficits. In the traditional literature there have be en two approaches to analyzing this process. The first is to consider how agents interact through financial markets. The second looks at the operation offinancial intermediaries such as banks and insurance companies. Fifty years ago, the financial system co uld be neatly bifurcated in this way. Rich house-holds and large firms used the equity and bond markets,while less wealthy house-holds and medium and small firms used banks, insurance companies and other financial institutions. Table 1, for example, shows the ownership of corporate equities in 1950. Households owned over 90 percent. By 2000 it can be seen that the situation had changed dramatically.By then households held less than 40 percent, nonbank intermediaries, primarily pension funds and mutual funds, held over 40 percent. This change illustrates why it is no longer possible to consider the role of financial markets and financial institutions separately. Rather than intermediating directly between households and firms, financial institutions have increasingly come to intermediate between households and markets, on the one hand, and between firms and markets,on the other. This makes it necessary to consider the financial system as anirreducible whole.The notion that a financial system transfers resources between households and firms is, of course, a simplification. Governments usually play a significant role in the financial system. They are major borrowers, particularlyduring times of war, recession, or when large infrastructure projects are being undertaken. They sometimes also save significant amounts of funds. For example, when countries such as Norway and many Middle Eastern States have access to large amounts of natural resources (oil), the government may acquire large trust funds on behalf of the population.In addition to their roles as borrowers or savers, governments usually playa number of other important roles. Central banks typically issue fiat money and are extensively involved in the payments system. Financial systems with unregulated markets and intermediaries, such as the US in the late nineteenth century, often experience financial crises.The desire to eliminate these crises led many governments to intervene in a significant way in the financial system. Central banks or some other regulatory authority are charged with regulating the banking system and other intermediaries, such as insurance companies. So in most countries governments play an important role in the operation of financialsystems. This intervention means that the political system, which determines the government and its policies, is also relevant for the financial system.There are some historical instances where financial markets and institutions have operated in the absence of a well-defined legal system, relyinginstead on reputation and other im plicit mechanisms. However, in most financial systems the law plays an important role. It determines what kinds ofcontracts are feasible, what kinds of governance mechanisms can be used for corporations, the restrictions that can be placed on securities and so forth. Hence, the legal system is an important component of a financial system.A financial system is much more than all of this, however. An important pre-requisite of the ability to write contracts and enforce rights of various kinds is a system of accounting. In addition to allowing contracts to be written, an accounting system allows investors to value a company more easily and to assess how much it would be prudent to lend to it. Accounting information is only one type of information (albeit the most important) required by financial systems. The incentives to generate and disseminate information are crucial features of a financial system.Without significant amounts of human capital it will not be possible for any of these components of a financial system to operate effectively. Well-trained lawyers, accountants and financial professionals such as bankers are crucial for an effective financial system, as the experience of Eastern Europe demonstrates.The literature on comparative financial systems is at an early stage. Our survey builds on previous overviews by Allen (1993), Allen and Gale (1995) and Thakor (1996). These overviews have focused on two sets of issues.(1)Normative: How effective are different types of financial system atvarious functions?(2) Positive: What drives the evolution of the financial system?The first set of issues is considered in Sections 2-6, which focus on issues of investment and saving, growth, risk sharing, information provision and corporate governance, respectively. Section 7 consider s the influence of law and politics on the financial system while Section 8 looks at the role financial crises have had in shaping the financial system. Section 9 contains concludingremarks.2 Investment and SavingOne of the primary purposes of the financial system is to allow savings to be invested in firms. In a series of important papers, Mayer (1988, 1990) documents how firms obtained funds and financed investment in a number of different countries. Table 2 shows the results from the most recent set of studies, based on data from 1970-1989, using Mayer’s methodology. The figures use data obtained from sources-and-uses-of-funds statements. For France, the data are from Bertero (1994), while for the US, UK, Japan and Germany they are from Corbett and Jenkinson (1996). It can be seen that internal finance is by far the most important source of funds in all countries.Bank finance is moderately important in most countries and particularly important in Japan and France. Bond finance is only important in the US and equity finance is either unimportant or negative (i.e., shares are being repurchased in aggregate) in all countries. Mayer’s studies and those using his methodology have had an important impact because they have raised the question of how important financial marke ts are in terms of providing funds for investment. It seems that, at least in the aggregate, equity markets are unimportant while bond markets are important only in the US. These findings contrast strongly with theemphasis on equity and bond markets in the traditional finance literature. Bank finance is important in all countries,but not as important as internal finance.Another perspective on how the financial system operates is obtained by looking at savings and the holding of financial assets. Table 3 shows t he relative importance of banks and markets in the US, UK, Japan, France and Germany. It can be seen that the US is at one extreme and Germany at the other. In the US, banks are relatively unimportant: the ratio of assets to GDP is only 53%, about a third the German ratio of 152%. On the other hand, the US ratio of equity market capitalization to GDP is 82%, three times the German ratio of 24%. Japan and the UK are interesting intermediate cases where banks and markets are both important. In France, banks are important and markets less so. The US and UK are often referred to as market-based systems while Germany, Japan and France are often referred to as bank-based systems. Table 4 shows the total portfolio allocation of assets ultimately owned by the household sector. In the US and UK, equity is a much more important component of household assets than in Japan,Germany and France. For cash and cash equivalents (which includes bank accounts), the reverse is true. Tables 3 and 4 provide an interesting contrast to Table 2. One would expect that, in the long run, household portfolios would reflect the financing patterns of firms. Since internal finance accrues to equity holders, one might expect that equity would be much more important in Japan, France and Germany. There are, of course, differences in the data sets underlying the different tables. For example, household portfolios consist of financial assets and exclude privately held firms, whereas the sources-and-uses-of-funds data include all firms. Nevertheless, it seem s unlikely that these differences could cause such huge discrepancies. It is puzzling that these different ways of viewing the financial system produce such radically different results.Another puzzle concerning internal versus external finance is the difference between the developed world and emerging countries. Although it is true for the US, UK, Japan, France, Germany and for most other developed countries that internal finance dominates external finance, this is not the case for emerging countries. Singh and Hamid (1992) and Singh (1995) show that, for a range of emerging economies, external finance is more important than internal finance. Moreover, equity is the most important financing instrument and dominates debt. This difference between the industrialized nations and the emerging countries has so far received little attention. There is a large theoretical literature on the operation of and rationale for internal capital markets. Internal capital markets differ from external capital markets because of asymmetric information, investment incentives, asset specificity, control rights, transaction costs or incomplete markets There has also been considerable debate on the relationship between liquidity and investment (see, for example, Fazzari, Hubbard and Petersen(1988), Hoshi, Kashyap and Scharfstein (1991))that the lender will not carry out the threat in practice, the incentive effect disappears. Although the lender’s behavior is now ex post optimal, both parties may be worse off ex ante.The time inconsistency of commitments that are optimal ex ante and suboptimal ex post is typical in contracting problems. The contract commits one to certain courses of action in order to influence the behavior of the other party. Then once that party’s behavior has been determined, the benefit of the commitment disappears and there is now an incentive to depart from it.Whatever agreements have been entered into are subject to revision because both parties can typically be made better offby “renegotiating” the original agreement. The possibility of renegotiation puts additional restrictions on the kind of contract or agreement that is feasible (we are referring here to the contract or agreement as executed, ratherthan the contract as originally written or conceived) and, to that extent, tends to reduce the welfare of both parties ex ante. Anything that gives the parties a greater power to commit themselves to the terms of the contract will, conversely, be welfare-enhancing.Dewatripont and Maskin (1995) (included as a chapter in this section) have suggested that financial markets have an advantage over financial intermediaries in maintaining commitments to refuse further funding. If the firm obtains its funding from the bond market, th en, in the event that it needs additional investment, it will have to go back to the bond market. Because the bonds are widely held, however, the firm will find it difficult to renegotiate with the bond holders. Apart from the transaction costs involved in negotiating with a large number of bond holders, there is a free-rider problem. Each bond holder would like to maintain his original claim over the returns to the project, while allowing the others to renegotiate their claims in order to finance the additional investment. The free-rider problem, which is often thought of as the curse of cooperative enterprises, turns out to be a virtue in disguise when it comes to maintaining commitments.From a theoretical point of view, there are many ways of maintaining a commitment. Financial institutions may develop a valuable reputation for maintaining commitments. In any one case, it is worth incurring the small cost of a sub-optimal action in order to maintain the value of the reputation. Incomplete information about the borrower’s type may lead to a similar outcome. If default causes the institution to change its beliefs about the defaulter’s type, then it may be optimal to refuse to deal with a firm after it has defaulted. Institutional strategies such as delegating decisions to agents who are given no discretion to renegotiate may also be an effective commitment device.Several authors have argued that, under certain circumstances, renegotiation is welfare-improving. In that case, the Dewatripont-Maskin argument is turned on its head. Intermediaries that establish long-term relationships with clients may have an advantage over financial markets precisely because it is easier for them to renegotiate contracts.The crucial assumption is that contracts are incomplete. Because of the high transaction costs of writing complete contracts, some potentially Pareto-improving contingencies are left out of contracts and securities. This incompleteness of contracts may make renegotiation desirable. The missing contingencies can be replaced by contract adjustments that are negotiated by the parties ex post, after they observe the realization of variables on which the contingencies would have been based. The incomplete contract determines the status quo for the ex post bargaining game (i.e., renegotiation)that determines the final outcome.An import ant question in this whole area is “How important are these relationships empirically?” Here there does not seem to be a lot of evidence.As far as the importance of renegotiation in the sense of Dewatripont and Maskin (1995), the work of Asquith, Gertner and Scharfstein (1994) suggests that little renegotiation occurs in the case of financially distressed firms.Conventional wisdom holds that banks are so well secured that they can and do “pull the plug” as soon as a borrower becomes distressed, leaving theunsecured creditors and other claimants holding the bag.Petersen and Rajan (1994) suggest that firms that have a longer relationship with a bank do have greater access to credit, controlling for a number of features of the borrowers’ history. It is not clea r from their work exactly what lies behind the value of the relationship. For example, the increased access to credit could be an incentive device or it could be the result ofgreater information or the relationship itself could make the borrower more credit worthy. Berger and Udell (1992) find that banks smooth loan rates in response to interest rate shocks. Petersen and Rajan (1995) and Berlin and Mester (1997) find that smoothing occurs as a firm’s credit risk changes.Berlin and Mester (1998) find that loan rate smoothing is associated with lower bank profits. They argue that this suggests the smoothing does not arise as part of an optimal relationship.This section has pointed to a number of issues for future research.• What is the relationship between th e sources of funds for investment,as revealed by Mayer (1988, 1990), and the portfolio choices of investorsand institutions? The answer to this question may shed some light onthe relative importance of external and internal finance.• Why are financing patterns so different in developing and developedeconomies?• What is the empirical importance of long-term relationships? Is renegotiationimportant is it a good thing or a bad thing?• Do long-term relationships constitute an important advantage of bankbasedsystems over market-based systems?金融体系的比较1、什么是金融体系？一个金融系统的目的（作用）是将资金从盈余者（机构）向短缺者（机构）转移（输送）。

金融风险管理外文翻译文献(文档含英文原文和中文翻译)原文：Enterprise Risk Management in InsuranceEnterprise Risk Management (hereinafter referred as “ERM”) interests a wide range of professions (e.g., actuaries, corporate financial managers, underwriters, accountants,and internal auditors), however, current ERM solutions often do not cover all risks because they are motivated by the core professional ethics and principles of these professions who design and administer them. In a typical insurance company all such professions work as a group to achieve the overriding corporate objectives.Risk can be defined as factors which prevent an organization in achieving its objectives and risks affect organizations holistically. The management of risk in isolation often misses its big picture. It is argued here that a holistic management of risk is logical and is the ultimate destination of all general management activities.Moreover, risk management should not be a separate function of the business process;rather, managing downside risk and taking the opportunities from upside risk should be thekey management goals. Consequently, ERM is believed as an approach to risk management, which provides a common understanding across the multidisciplinary groups of people of the organization. ERM should be proactive and its focus should be on the organizations future. Organizations often struggle to see and understand the full risk spectrum to which they are exposed and as a result they may fail to identify the most vulnerable areas of the business. The effective management of risk is truly an interdisciplinary exercise grounded on a holistic framework.Whatever name this new type of risk management is given (the literature refers to it by diverse names, such as Enterprise Risk Management, Strategic Risk Management, and Holistic Risk Management) the ultimate focus is management of all significant risks faced by the organization. Risk is an integral part of each and every action of the organization in the sense that an organization is a basket of contracts associated with risk (in terms of losses and opportunities). The idea of ERM is simple and logical, but implementation is difficult. This is because its involvement with a wide stakeholder community, which in turn involves groups from different disciplines with different beliefs and understandings. Indeed, ERM needs theories (which are the interest of academics) but a grand theory of ERM (which invariably involves an interdisciplinary concept) is far from having been achieved.Consequently, for practical proposes, what is needed is the development of a framework(a set of competent theories) and one of the key challenges of this thesis is to establish the key features of such a framework to promote the practice of ERM. Multidisciplinary Views of RiskThe objective of the research is to study the ERM of insurance companies. In line with this it is designed to investigate what is happening practically in the insurance industry at the current time in the name of ERM. The intention is to minimize the gap between the two communities (i.e., academics and practitioners) in order to contribute to the literature of risk management.In recent years ERM has emerged as a topic for discussion in the financial community,in particular, the banks and insurance sectors. Professional organizations have published research reports on ERM. Consulting firms conducted extensive studies and surveys on the topic to support their clients. Rating agencies included theERM concept in their rating criteria. Regulators focused more on the risk management capability of the financial organizations. Academics are slowly responding on the management of risk in a holistic framework following the initiatives of practitioners.The central idea is to bring the organization close to the market economy. Nevertheless,everybody is pushing ERM within the scope of their core professional understanding.The focus of ERM is to manage all risks in a holistic framework whatever the source and nature. There remains a strong ground of knowledge in managing risk on an isolated basis in several academic disciplines (e.g., economics, finance, psychology,sociology, etc.). But little has been done to take a holistic approach of risk beyond disciplinary silos. Moreover, the theoretical understanding of the holistic (i.e., multidisciplinary)properties of risk is still unknown. Consequently, there remains a lack of understanding in terms of a common and interdisciplinary language for ERM.Risk in FinanceIn finance, risky options involve monetary outcomes with explicit probabilities and they are evaluated in terms of their expected value and their riskiness. The traditional approach to risk in finance literature is based on a mean-variance framework of portfolio theory, i.e., selection and diversification. The idea of risk in finance is understood within the scope of systematic (non-diversifiable) risk and unsystematic (diversifiable)risk. It is recognized in finance that systematic risk is positively correlated with the rate of return. In addition, systematic risk is a non-increasing function of a firm’s growth in terms of earnings. Another established concern in finance is default risk and it is argued that the performance of the firm is linked to the firm’s default risk. A large part of finance literature deals with severa l techniques of measuring risks of firms’ investment portfolios (e.g., standard deviation, beta, VaR, etc.). In addition to the portfolio theory, Capital Asset Pricing Model (CAPM) was discovered in finance to price risky assets on the perfect capital markets. Finally, derivative markets grew tremendously with the recognition of option pricing theory.Risk in EconomicsRisk in economics is understood within two separate (independent) categories,i.e.,endogenous (controllable) risk and background (uncontrollable) risk. It is recognized that economic decisions are made under uncertainty in the presence of multiple risks.Expected Utility Theory argues that peoples’ risk attitude on the size of risk (small,medium, large) is derived from the utility-of-wealth function, where the utilities of outcomes are weighted by their probabilities. Economists argue that people are risk averse (neutral) when the size of the risks is large (small).Prospect theory provides a descriptive analysis of choice under risk. In economics, the concept of risk-bearing preferences of agents for independent risks was described under the notion of “ standard risk aversion.” Most of the economic research on risk is originated on the study of decision making behavior on lotteries and other gambles. Risk in PsychologyWhile economics assumes an individual’s risk preference is a function of probabilistic beliefs, psychology explores how human judgment and behavior systematically forms such beliefs. Psychology talks about the risk taking behavior (risk preferences).It looks for the patterns of human reactions to the context, reference point,mental categories and associations that influence how people make decisions.The psychological approach to risk draws upon the notion of loss aversion that manife sts itself in the related notion of “regret.” According to Willett; “risk affects economic activity through the psychological influence of uncertainty.” Managers’ attitude of risk taking is often described from the psychological point of view in terms of feelings.Psychologists argue that risk, as a multidisciplinary concept, can not be reduced meaningfully by a single quantitative treatment. Consequently, managers tend to utilize an array of risk measurers to assist them in the decision making process under uncertainty. Risk perception plays a central role in the psychological research on risk, where the key concern is how people perceive risk and how it differs to the actual outcome. Nevertheless, the psychological research on risk provides fundamental knowledge of how emotions are linked to decision making.Risk in SociologyIn sociology risk is a socially constructed phenomenon (i.e., a social problem) and defined as a strategy referring to instrumental rationality. The sociologicalliterature on risk was originated from anthropology and psychology is dominated by two central concepts. First, risk and culture and second, risk society. The negative consequences of unwanted events (i.e., natural/chemical disasters, food safety) are the key focus of sociological researches on risk. From a sociological perspective entrepreneurs remain liable for the risk of the society and responsible to share it in proportion to their respective contributions. Practically, the responsibilities are imposed and actions are monitored by state regulators and supervisors.Nevertheless, identification of a socially acceptable threshold of risk is a key challenge of many sociological researches on risk.Convergence of Multidisciplinary Views of RiskDifferent disciplinary views of risk are obvious. Whereas, economics and finance study risk by examining the distribution of corporate returns, psychology and sociology interpret risk in terms of its behavioral components. Moreover, economists focus on the economic (i.e., commercial) value of investments in a risky situation.In contrast, sociologists argue on the moral value (i.e., sacrifice) on the risk related activities of the firm. In addition, sociologists’ criticism of economists’concern of risk is that although they rely on risk, time, and preferences while describing the issues related to risk taking, they often miss out their interrelationships(i.e., narrow perspective). Interestingly, there appears some convergence of economics and psychology in the literature of economic psychology. The intention is to include the traditional economic model of individuals’ formal rational action in the understanding of the way they actually think and behave (i.e., irrationality).In addition, behavioral finance is seen as a growing discipline with the origin of economics and psychology. In contrast to efficient market hypothesis behaviour finance provides descriptive models in making judgment under uncertainty.The origin of this convergence was due to the discovery of the prospect theory in the fulfillment of the shortcomings of von Neumann-Morgenstern’s utility theory for providing reasons of human (irrational) behavior under uncertainty (e.g., arbitrage).Although, the overriding enquiry of disciplines is the estimation of risk, they comparing and reducing into a common metric of many types of risks are there ultimate difficulty. The key conclusion of the above analysis suggests that there existoverlaps on the disciplinary views of risk and their interrelations are emerging with the progress of risk research. In particular, the central idea of ERM is to obscure the hidden dependencies of risk beyond disciplinary silos.Insurance Industry PracticeThe practice of ERM in the insurance industry has been drawn from the author’s PhD research completed in 2006. The initiatives of four major global European insurers(hereinafter referred as “CASES”) were studied for this purpose. Out of these four insurers one is a reinsurer and the remaining three are primary insurers. They were at various stages of designing and implementing ERM. A total of fifty-one face-to-face and telephone interviews were conducted with key personnel of the CASES in between the end of 2004 and the beginning of 2006. The comparative analysis (compare-and-contrast) technique was used to analyze the data and they were discussed with several industry and academic experts for the purpose of validation. Thereafter,a conceptual model of ERM was developed from the findings of the data.Findings based on the data are arranged under five dimensions. They are understanding;evaluation; structure; challenges, and performance of ERM. Understanding of ERMIt was found that the key distinction in various perceptions of ERM remains between risk measurement and risk management. Interestingly, tools and processes are found complimentary. In essence, meaning that a tool can not run without a process and vice versa. It is found that the people who work with numbers (e.g.,actuaries, finance people, etc.) are involved in the risk modeling and management(mostly concerned with the financial and core insurance risks) and tend to believe ERM is a tool. On the other hand internal auditors, company secretaries, and operational managers; whose job is related to the human, system and compliance related issues of risk are more likely to see ERM as a process.ERM: A ProcessWithin the understanding of ERM as a process, four key concepts were found. They are harmonization, standardization, integration and centralization. In fact, they are linked to the concept of top-down and bottom-up approaches of ERM.The analysis found four key concepts of ERM. They are harmonization,standardization,integration and centralization (in decreasing order of importance). It was also found that a unique understanding of ERM does not exist within the CASES, rather ERM is seen as a combination of the four concepts and they often overlap. It is revealed that an understanding of these four concepts including their linkages is essential for designing an optimal ERM system.Linkages Amongst the Four ConceptsAlthough harmonization and standardization are seen apparently similar respondents view them differently. Whereas, harmonization allows choices between alternatives,standardization provides no flexibility. Effectively, harmonization offers a range of identical alternatives, out of which one or more can be adopted depending on the given circumstances. Although standardization does not offer such flexibility,it was found as an essential technique of ERM. Whilst harmonization accepts existing divergence to bring a state of comparability, standardization does not necessarily consider existing conventions and definitions. It focuses on a common standard, (a “top-down” approach). Indeed, integration of competent policies and processes,models, and data (either for management use, compliance and reporting) are not possible for global insurers without harmonizing and standardizing them. Hence, the research establishes that a sequence (i.e., harmonization, standardization, integration,and then centralization) is to be maintained when ERM is being developed in practice (from an operational perspective). Above all, the process is found important to achieve a diversified risk culture across the organization to allocate risk management responsibilities to risk owners and risk takers.ERM: A ToolViewed as a tool, ERM encompasses procedures and techniques to model and measure the portfolio of (quantifiable) enterprise risk from insurers’ core disciplinary perspective. The objective is to measure a level of (risk adjusted) capital(i.e., economic capital) and thereafter allocation of capital. In this perspective ERM is thought as a sophisticated version of insurers’ asset-liability management.Most often, extreme and emerging risks, which may bring the organization down,are taken into consideration. Ideally, the procedure of calculating economic capital is closely linked to the market volatility. Moreover, the objective is clear, i.e., meetingthe expectation of shareholders. Consequently, there remains less scope to capture the subjectivity associated with enterprise risks.ERM: An ApproachIn contrast to process and tool, ERM is also found as an approach of managing the entire business from a strategic point of view. Since, risk is so deeply rooted in the insurance business, it is difficult to separate risk from the functions of insurance companies. It is argued that a properly designed ERM infrastructure should align risk to achieve strategic goals. Alternatively, application of an ERM approach of managing business is found central to the value creation of insurance companies.In the study, ERM is believed as an approach of changing the culture of the organization in both marketing and strategic management issues in terms of innovating and pricing products, selecting profitable markets, distributing products, targeting customers and ratings, and thus formulating appropriate corporate strategies. In this holistic approach various strategic, financial and operational concerns are seen integrated to consider all risks across the organization.It is seen that as a process, ERM takes an inductive approach to explore the pitfalls (challenges) of achieving corporate objectives for broader audience (i.e.,stakeholders) emphasizing more on moral and ethical issues. In contrast, as a tool,it takes a deductive approach to meet specific corporate objectives for selected audience(i.e., shareholders) by concentrating more on monitory (financial) outcomes.Clearly, the approaches are complimentary and have overlapping elements. 作者：M Acharyya译文：保险业对企业风险管理的实证研究企业风险管理涉及各种行业(如保险精算师、公司财政经理、保险商、会计和内部审计员)，当前企业风险管理解决方案往往不能涵盖所有的风险，因为这些方案取决于决策者和执行则的专业道德和原则。

互联网金融安全中英文对照外文翻译文献中英文对照外文翻译文献(文档含英文原文和中文翻译)Database Security in a Web Environment IntroductionDatabases have been common in government departments and commercial enterprises for many years. Today, databases in any organization are increasingly opened up to a multiplicity of suppliers, customers, partners and employees - an idea that would have been unheard of a few years ago. Numerous applications and their associated data are now accessed by a variety of users requiring different levels of access via manifold devices and channels – often simultaneously. For example:• Online banks allow customers to perform a variety of banking operations - via the Internet and over the telephone – whilst maintaining the privacy of account data.• E-Commerce merchants and their Service Providers must store customer, order and payment data on their merchant server - and keep it secure.• HR departments allow employees to update their personal information –whilst protecting certain management information from unauthorized access.• The medical profession must protect the confidentiality of patient data –whilst allowing essential access for treatment.• Online brokerages need to be able to provide large numbers of simultaneous users with up-to-date and accurate financial information.This complex landscape leads to many new demands upon system security. The global growth of complex web-based infrastructures is driving a need for security solutions that provide mechanisms to segregate environments; perform integrity checking and maintenance; enable strong authentication andnon-repudiation; and provide for confidentiality. In turn, this necessitates comprehensive business and technical risk assessment to identify the threats,vulnerabilities and impacts, and from this define a security policy. This leads to security definitions throughout the infrastructure - operating system, database management system, middleware and network.Financial, personal and medical information systems and some areas of government have strict requirements for security and privacy. Inappropriate disclosure of sensitive information to the wrong parties can have severe social, legal and regulatory consequences. Failure to address the basics can result in substantial direct and consequential financial losses - witness the fraud losses through the compromise of several million credit card numbers in merchants’ databases [Occf], plus associated damage to brand-image and loss of consumer confidence.This article discusses some of the main issues in database and web server security, and also considers important architecture and design issues.A Simple ModelAt the simplest level, a web server system consists of front-end software and back-end databases with interface software linking the two. Normally, the front-end software will consist of server software and the network server operating system, and the back-end database will be a relational orobject-oriented database fulfilling a variety of functions, including recording transactions, maintaining accounts and inventory. The interface software typically consists of Common Gateway Interface (CGI) scripts used to receive information from forms on web sites to perform online searches and to update the database.Depending on the infrastructure, middleware may be present; in addition, security management subsystems (with session and user databases) that address the web server’s and related applications’ requirements for authentication, accesscontrol and authorization may be present. Communications between this subsystem and either the web server, middleware or database are via application program interfaces (APIs)..This simple model is depicted in Figure 1.Security can be provided by the following components:• Web server.• Middleware.• Operating system.. Figure 1: A Simple Model.• Database and Database Management System.• Security management subsystem.The security of such a system addressesAspects of authenticity, integrity and confidentiality and is dependent on the security of the individual components and their interactions. Some of the most common vulnerabilities arise from poor configuration, inadequate change control procedures and poor administration. However, even if these areas are properlyaddressed, vulnerabilities still arise. The appropriate combination of people, technology and processes holds the key to providing the required physical and logical security. Attention should additionally be paid to the security aspects of planning, architecture, design and implementation.In the following sections, we consider some of the main security issues associated with databases, database management systems, operating systems and web servers, as well as important architecture and design issues. Our treatment seeks only to outline the main issues and the interested reader should refer to the references for a more detailed description.Database SecurityDatabase management systems normally run on top of an operating system and provide the security associated with a database. Typical operating system security features include memory and file protection, resource access control and user authentication. Memory protection prevents the memory of one program interfering with that of another and limits access and use of the objects employing techniques such as memory segmentation. The operating system also protects access to other objects (such as instructions, input and output devices, files and passwords) by checking access with reference to access control lists. Security mechanisms in common operating systems vary tremendously and, for those that are lacking, there exists special-purpose security software that can be integrated with the existing environment. However, this can be an expensive, time-consuming task and integration difficulties may also adversely impact application behaviors.Most database management systems consist of a number of modules - including database querying and database and file management - along with authorization, concurrent access and database description tables. Thesemanagement systems also use a variety of languages: a data definition language supports the logical definition of the database; developers use a data manipulation language; and a query language is used by non-specialist end-users.Database management systems have many of the same security requirements as operating systems, but there are significant differences since the former are particularly susceptible to the threat of improper disclosure, modification of information and also denial of service. Some of the most important security requirements for database management systems are: • Multi-Level Access Control.• Confidentiality.• Reliability.• Integrity.• Recovery.These requirements, along with security models, are considered in the following sections.Multi-Level Access ControlIn a multi-application and multi-user environment, administrators, auditors, developers, managers and users – collectively called subjects - need access to database objects, such as tables, fields or records. Access control restricts the operations available to a subject with respect to particular objects and is enforced by the database management system. Mandatory access controls require that each controlled object in the database must be labeled with a security level, whereas discretionary access controls may be applied at the choice of a subject.Access control in database management systems is more complicated than in operating systems since, in the latter, all objects are unrelated whereas in a database the converse is true. Databases are also required to make accessdecisions based on a finer degree of subject and object granularity. In multi-level systems, access control can be enforced by the use of views - filtered subsets of the database - containing the precise information that a subject is authorized to see.A general principle of access control is that a subject with high level security should not be able to write to a lower level object, and this poses a problem for database management systems that must read all database objects and write new objects. One solution to this problem is to use a trusted database management system.ConfidentialitySome databases will inevitably contain what is considered confidential data. For example, it could be inherently sensitive or its source may be sensitive, or it may belong to a sensitive table, thus making it difficult to determine what is actually confidential. Disclosure is also difficult to define, as it can be direct, indirect, involve the disclosure of bounds or even mere existence.An inference problem exists in database management systems whereby users can infer sensitive information from relatively insensitive queries. A trivial example is a request for information about the average salary of an employee and the number of employees turns out to be just one, thus revealing the employee’s salary. However, much more sophisticated statistical inference attacks can also be mounted. This highlights the fact that, although the data itself may be properly controlled, confidential information may still leak out.Controls can take several forms: not divulging sensitive information to unauthorized parties (which depends on the respective subject and object security levels), logging what each user knows or masking response data. The first control can be implemented fairly easily, the second quickly becomesunmanageable for a large number of users and the third leads to imprecise responses, and also exemplifies the trade-off between precision and security. Polyinstantiation refers to multiple instances of a data object existing in the database and it can provide a partial solution to the inference problem whereby different data values are supplied, depending on the security level, in response to the same query. However, this makes consistency management more difficult.Another issue that arises is when the security level of an aggregate amount is different to that of its elements (a problem commonly referred to as aggregation). This can be addressed by defining appropriate access control using views.Reliability, Integrity and RecoveryArguably, the most important requirements for databases are to ensure that the database presents consistent information to queries and can recover from any failures. An important aspect of consistency is that transactions execute atomically; that is, they either execute completely or not at all.Concurrency control addresses the problem of allowing simultaneous programs access to a shared database, while avoiding incorrect behavior or interference. It is normally addressed by a scheduler that uses locking techniques to ensure that the transactions are serial sable and independent. A common technique used in commercial products is two-phase locking (or variations thereof) in which the database management system controls when transactions obtain and release their locks according to whether or not transaction processing has been completed. In a first phase, the database management system collects the necessary data for the update: in a second phase, it updates the database. This means that the database can recover from incomplete transactions by repeatingeither of the appropriate phases. This technique can also be used in a distributed database system using a distributed scheduler arrangement.System failures can arise from the operating system and may result in corrupted storage. The main copy of the database is used for recovery from failures and communicates with a cached version that is used as the working version. In association with the logs, this allows the database to recover to a very specific point in the event of a system failure, either by removing the effects of incomplete transactions or applying the effects of completed transactions. Instead of having to recover the entire database after a failure, recovery can be made more efficient by the use of check pointing. It is used during normal operations to write additional updated information - such as logs, before-images of incomplete transactions, after-images of completed transactions - to the main database which reduces the amount of work needed for recovery. Recovery from failures in distributed systems is more complicated, since a single logical action is executed at different physical sites and the prospect of partial failure arises.Logical integrity, at field level and for the entire database, is addressed by the use of monitors to check important items such as input ranges, states and transitions. Error-correcting and error-detecting codes are also used.Security ModelsVarious security models exist that address different aspects of security in operating systems and database management systems. For example, theBell-LaPadula model defines security in terms of mandatory access control and addresses confidentiality only. The Bell LaPadula models, and other models including the Biba model for integrity, are described more fully in [Cast95] and [Pfle89]. These models are implementation-independent and provide a powerfulinsight into the properties of secure systems, lead to design policies and principles, and some form the basis for security evaluation criteria.Web Server SecurityWeb servers are now one of the most common interfaces between users and back-end databases, and as such, their security becomes increasingly important. Exploitation of vulnerabilities in the web server can lead to unforeseen attacks on middleware and backend databases, bypassing any controls that may be in place. In this section, we focus on common web server vulnerabilities and how the authentication requirements of web servers and databases are met.In general, a web server platform should not be shared with other applications and should be the only machine allowed to access the database. Using a firewall can provide additional security - either between the web server and users or between the web server and back-end database - and often the web server is placed on a de-militarized zone (DMZ) of a firewall. While firewalls can be used to block certain incoming connections, they must allow HTTP (and HTTPS) connections through to the web server, and so attacks can still be launched via the ports associated with these connections.VulnerabilitiesVulnerabilities appear on a weekly basis and, here, we prefer to focus on some general issues rather than specific attacks. Common web server vulnerabilities include:• No policy exists.• The default configuration is on.• Reusable passwords appear in clear.• Unnecessary ports available for network services are not disabled.• New security holes are not tracked. Even if they are, well-known vulnerabilities are not always fixed as the source code patches are not applied by system administrator and old programs are not re-compiled or removed.• Security tools are not used to scan the network for weaknesses and changes or to detect intrusions.• Faulty and buggy software - for example, buffer overflow and stack smashingAttacks• Automatic directory listings - this is of particular concern for the interface software directories.• Server root files are generally visible or accessible.• Lack of logs and bac kups.• File access is often not explicitly configured by the system administrator according to the security policy. This applies to configuration, client, administration and log files, administration programs, and CGI program sources and executables. CGI scripts allow dynamic web pages and make program development (in, for example, Perl) easy and rapid. However, their successful exploitation may allow execution of malicious programs, launching ofdenial-of-service attacks and, ultimately, privilege escalation on a server.Web Server and Database AuthenticationWhile user, browser and web server authentication are relatively well understood [Garf97], [Ghos98] and [Tree98], the introduction of additional components, such as databases and middleware, raise a number of authentication issues. There are a variety of options for authentication in a simple model (Figure 1). Firstly, both the web server and database management system can individually authenticate a user. This option requires the user to authenticatetwice which may be unacceptable in certain applications, although a singlesign-on device (which aims to manage authentication in a user-transparent way) may help. Secondly, a common approach is for the database to automatically grant user access based on web server authentication. However, this option should only be used for accessing publicly available information. Finally, the database may grant user access employing the web server authentication credentials as a basis for its own user authentication, using security management subsystems (Figure 1). We consider this last option in more detail.Web-based communications use the stateless HTTP protocol with the implication that state, and hence authentication, is not preserved when browsing successive web pages. Cookies, or files placed on user’s machine by a web server, were developed as a means of addressing this issue and are often used to provide authentication. However, after initial authentication, there is typically no re authentication per page in the same realm, only the use of unencrypted cookies (sometimes in association with IP addresses). This approach provides limited security as both cookies and IP addresses can be tampered with or spoofed.A stronger authentication method, commonly used by commercial implementations, uses digitally signed cookies. This allows additional systems, such as databases, to use digitally signed cookie data, including a session ID, as a basis for authentication. When a user has been authenticated by a web server (using a password, for example), a session ID is assigned and is stored in a security management subsystem database. When a user subsequently requests information from a database, the database receives a copy of the session ID, the security management subsystem checks this session ID against its local copy and, if authentication is successful, user access is granted to the database.The session ID is typically transmitted in the clear between the web server and database, but may be protected by SSL or even by physical security measures. The communications between the browser and web servers, and the web servers and security management subsystem (and its databases), are normally protected by SSL and use a web server security API that is used to digitally sign and verify browser cookies. The communications between the back-end databases and security management subsystem (and its databases) are also normally protected by SSL and use a database security API that verifies session Ids originating from the database and provides additional user authorization credentials. The web server security API is generally proprietary while, for the database security API, many vendors have adopted standards such as the Generic Security Services API (GSS-API) or CORBA [RFC2078] and [Corba].Architecture and DesignSecurity requirements for designing, building and implementing databases are important so that the systems, as part of the overall infrastructure, meet their requirements in actual operation. The various security models provide an important insight into the design requirements for databases and their management systems.Secure Database Management System ArchitecturesIn multi-level database management systems, a variety of architectures are possible: trusted subject, integrity locked, kernels and replicated. Trusted subject is used by most of the leading database management system vendors and can be integrated in existing products. Basically, the trusted subject architecture allows users to access a database via an un trusted front-end, a trusted database management system and trusted operating system. The operating systemprovides physical access to the database and the database management system provides multilevel object protection.The other architectures - integrity locked, kernels and replicated - all vary in detail, but they use a trusted front-end and an un trusted database management system. For details of these architectures and research prototypes, the reader is referred to [Cast95]. Different architectures are suited to different environments: for example, the trusted subject architecture is less integrated with the underlying operating system and is best suited when a trusted path can be assured between applications and the database management system.Secure Database Management System DesignAs discussed above, there are several fundamental differences between operating system and database management system design, including object granularity, multiple data types, data correlations and multi-level transactions. Other differences include the fact that database management systems include both physical and logical objects and that the database lifecycle is normally longer.These differences must be reflected in the design requirements which include:• Access, flow and infer ence controls.• Access granularity and modes.• Dynamic authorization.• Multi-level protection.• Polyinstantiation.• Auditing.• Performance.These requirements should be considered alongside basic information integrity principles, such as:• Well-formed transactions - to ensure that transactions are correct and consistent.• Continuity of operation - to ensure that data can be properly recovered, depending on the extent of a disaster.• Authorization and role management – to ensure that distinct roles are defined and users are authorized.• Authenticated users - to ensure that users are authenticated.• Least privilege - to ensure that users have the minimal privilege necessary to perform their tasks.• Separation of duties - to ensure that no single individual has access to critical data.• Delegation of authority - to ensure that the database management system policies are flexible enough to meet the organization’s requirements.Of course, some of these requirements and principles are not met by the database management system, but by the operating system and also by organizational and procedural measures.Database Design MethodologyVarious approaches to design exist, but most contain the same main stages. The principle aim of a design methodology is to provide a robust, verifiable design process and also to separate policies from how policies are actually implemented. An important requirement during any design process is that different design aspects can be merged and this equally applies to security.A preliminary analysis should be conducted that addresses the system risks, environment, existing products and performance. Requirements should then beanalyzed with respect to the results of a risk assessment. Security policies should be developed that include specification of granularity, privileges and authority.These policies and requirements form the input to the conceptual design that concentrates on subjects, objects and access modes without considering implementation details. Its purpose is to express information and process flows in a complete and consistent way.The logical design takes into account the operating system and database management system that will be used and which of the security requirements can be provided by which mechanisms. The physical design considers the actual physical realization of the logical design and, indeed, may result in a revision of the conceptual and logical phases due to physical constraints.Security AssuranceOnce a product has been developed, its security assurance can be assessed by a number of methods including formal verification, validation, penetration testing and certification. For example, if a database is to be certified as TCSEC Class B1, then it must implement the Bell-LaPadula mandatory access control model in which each controlled object in the database must be labeled with a security level.Most of these methods can be costly and lengthy to perform and are typically specific to particular hardware and software configurations. However, the international Common Criteria certification scheme provides the added benefit of a mutual recognition arrangement, thus avoiding the prospect of multiple certifications in different countries.ConclusionThis article has considered some of the security principles that are associated with databases and how these apply in a web based environment. Ithas also focused on important architecture and design principles. These principles have focused mainly on the prevention, assurance and recovery aspects, but other aspects, such as detection, are equally important in formulating a total information protection strategy. For example, host-based intrusion detection systems as well as a robust and tested set of business recovery procedures should be considered.Any fit-for-purpose, secure e-business infrastructure should address all the above aspects: prevention, assurance, detection and recovery. Certain industries are now starting to specify their own set of global, secure e-business requirements. International card payment associations have recently started to require minimum information security standards from electronic commerce merchants handling credit card data, to help manage fraud losses and associated impacts such as brand-image damage and loss of consumer confidence.网络环境下的数据库安全简介数据库在政府部门和商业机构得到普遍应用已经很多年了。

文献出处:Aronson J. The research of P2P model of financial [J] Value Creation in E-Business Management, 2016,12(5):85-95.原文The research of P2P model of financialAronson JAbstractThe development of the Internet financial, constantly create new financial model, P2P is one of the new financial model, the development of rapid direct threat to the commercial Banks in the financial world's dominance. In P2P explosive savage growth process, however, there are regulatory or incomplete system, risk control measures is not mature, P2P financial platform collapse would happen often, this leads to the development of P2P is in trouble Based on this, this paper introduces the P2P concepts and the reasons on the basis of the financial model, analyzes the difficulties faced by the current P2P financial model, and accordingly put forward the development of P2P financial model.Keywords: P2P financial mode; The theoretical analysis; Measures1 IntroductionThe wide application of Internet technology, when science and technology combined with financial, gives rise to some emerging Internet model, P2P has greatly reduced the transaction cost, satisfy the customer demand for financial, especially the working class and the small and medium-sized enterprise loan demand. But so far, due to the lack of innovation mode of financial supervision, to information asymmetry, imperfect credit system construction, and low security of adverse effect caused by funds, hindered the healthy and orderly development of P2P.For Internet financial can inject vigor, continuing for the financial sector to the real economy better service, we must strengthen the industry regulation, establish effective credit evaluation system and P2P platform to establish effective risk control system.So-called peer-to-peer (P2P), is the abbreviation of English Peer to Peer, meaning "person-to-person", refers to the directly by third-party Internet platform of money lending financing behavior, is a kind of direct financing behavior of individualto individual. It originated in Britain, and later to the United States, Germany and other countries, China introduced in 2007.In our country, its typical model is: the network credit companies provide a platform, by borrowing free bids, brokered transactions. Money lenders to obtain interest income with the risk; Money borrowed people due to repay the principal, the network credit charge intermediary company.Peer-to-peer (P2P) the causes of financial mode mainly lies in the fact that Internet technology rapidly Exhibition. With the development of Internet, the scope of its popularization in our country is more and more widely, new technology and new business forms appear constantly, and gradually extended to the financial sector, the financial and the Internet fusion degree in the process of deepening, the financial industry got the booming development, at the same time, also produced a P2P financial mode; Fill the shortcoming in traditional financial business function in our country at present. Let those be bank financial products and loan threshold shut out of the working class and the small and medium-sized enterprises can also have the opportunity to enjoy the financial services. Working class a large body of demand for money have great demand; Other small and medium-sized enterprises (SEM) in many places the arrested development, mainly due to small and medium-sized enterprises (smes) in bank loans difficult, loans due to the high cost. In order to promote the development of their own, small and medium-sized enterprises to seek other financing mode, which promote the generation of the P2P financial model.2 The status quo of P2P financial model2.1 P2P financial models lack of effective supervisionRelative to the early start of online banking, online securities and so on in the form of financial regulatory policy relatively incomplete, relatively mature management framework. But P2P financial mode in 2012 entered the blowout outbreak period. But the Internet financial regulatory agencies and related regulatory policy did not keep up with the pace of its rapid development, for the development of P2P is also hinder the role. Should be further follow relevant regulations to meet the constantly enrich and expand the urgent needs of the emerging financial forms. The lack of regulation for a long time, has been out of the grey zone and regulatory gap,there are low barriers to entry, lending money monitoring vacancy, credit evaluation system is not sound, and many other problems.The industry has been in a savage growth state, run, capital chain rupture and collapse phenomenon appeared frequently. ack of legal norms, unclear regulatory policy, business operation is not standard to causes such as the chaos of industry management.2.2 Domestic credit system construction is not perfectThe Internet in the financial, financial credit system is the basis of the healthy and standardizing development of the financial industry, the Internet. But the current construction of credit system is not perfect, personal credit record includes only with bank lending behavior and maintain within the Banks, other financial institutions can't call society.P2P network platform loan borrowers can only through an indirect way to verify information and the judgment through the subjective experience of auditors. Abroad in the implementation of a P2P financial model, the comparison of perfect personal credit system construction, when making loans, personal credit can achieve effective query, which leads the P2P financial mode constantly development and improvement. Internet financial enterprise credit reporting database is not perfect in our country, is not included in the central bank credit reporting system, for both the management difficulty is big, no effective mechanism and discipline and punishment.2.3 Information asymmetry cause malicious default riskOf the Internet financial transactions, payments and services are completed on the Internet, virtualization of trading, trading process is not transparent and so on have made the financial risk more diversified and uncontrolled. Of new trading patterns of this for the disclosure of the information has the certain difficulty, in P2P financial mode, due to information asymmetry, P2P platform there may be a risk, the truth of the borrower to provide information due to the master of P2P platform borrowing history data is limited, its credit rating system is also unable to grasp the situation of the borrowers, the condition of the fake information or the borrower. Once appear, default or delay balance, due to recover the cost is higher, lenders are hard to take back the principal and interest of the person failed to perform its obligations due to lending and lead to potential financial damage is one of the reasons that hinder thedevelopment of P2P.3 The implement measures3.1 Encourage innovation to strengthen the basis of industry regulationDue to P2P long-term financial platform is in a state of lack of regulation, resulting in a variety of financial risk problems occur unceasingly, serious impact on the development of P2P financial, based on this, as soon as possible, perfect the construction of Internet financial regulation legal system in our country, should provide a clear and transparent legal environment, including the market access supervision, operation supervision and exit regulatory measures to standardize the development of the P2P network platform. But don't like management of traditional financial institutions, so as not to stifle financial innovation. Perfect financial market system, pratt &whitney financial development, encourage financial innovation, rich level financial markets and products. Regulators want reasonable grasp the boundaries of innovation and strength, not to hinder the sustainable development of financial innovation, whether it be a financial product innovation, and financial service innovation. To strengthen management and ensure that financial security is very necessary, cut can not manage, weaken the vitality of financial innovation.3.2 promoting the construction of credit evaluation systemA severe credit system can restrain people daily financial activity. Therefore, in a constantly enrich financial transaction way to meet the demand of investment and financing of all social strata at the same time, the credit system construction also needs to be perfect and connectivity. At present, the central bank has started the construction of personal credit system, however, the central bank alone is not enough to build personal credit system, and will result in incomplete information system, therefore, in the process of building the personal credit system in the future, should attract more participants, to establish the perfect credit system, make scientific evaluation to the borrower's credit rating, for P2P platform provides necessary judgment. In addition, P2P financial platform should also set up its own credit system, establish a customer database, regular update of customer information in a database, at the same time, guarantee the comprehensiveness and accuracy of the new customerinformation, and effective to evaluate the customer's credit.3.3 P2P platform to strengthen risk control abilityP2P business at the core of the pricing power is in the team's own risk, the risk management ability is the core of the P2P company competitiveness. establish a risk control function is clear, for policy making, the characteristics of customer data mining, overdue customers, study and so on carries on the effective management, to standardize the front-end marketing, China audit, background collection each work orderly. At the same time, digital risk control model is established and the score card system is the effective measure to standardize P2P scientific management, with a complete set of scientific management methods, to cure it to risk control examination and approval decision engines and business process, to guide the business for examination and approval of risk control. Second, compared with the traditional financial institutions such as Banks, Internet financial firms can take advantage of big data analytics, cloud computing technology to manage customer credit evaluation and customer information, above is actually a credit evaluation system and risk control measures of innovation. Third, should attach importance to small and scattered plays important role in reducing risk, network platform, in the face of the large capital demand loan can be systemic forced to spread risk, is more than a sum of money into different sum, scattered the people who need loans to lend, risk can be effectively diluted. Fourth, guarantee qualification can be introduced with a third party professional guarantee companies provide guarantee, in case of bad debts by guarantee company compensation, in order to ensure safe operation, to ensure the safety of information and capital of investors. by using the combined risk of internal and external control means, in view of information asymmetry and capital safety is low in the strong guarantee.Era development is irreversible, the subversion and innovation of the Internet continues, because the P2P financial pattern in the global new things, the speed of development and the construction of the corresponding system is not perfect, resulting in the development of P2P financial face a lot of trouble. despite the difficulties, the game between the various arms intensified, but it's true that the development of P2Pinjected new vitality into the financial sector, in order to promote the healthy and orderly development of P2P, needs to explore the path to promote the development of P2P financial, P2P platform in the process of operation gradually improve risk control ability, ensure the safety of the funds. These efforts will make P2P financial mode gradually towards standardization and legalization, make it effectively fill the shortcoming in traditional financial business function at present, the future will be better able to make the financial service for the real economy, support the national strategic transformation of the economic structure.译文P2P金融模式研究Aronson J摘要互联网金融的发展，不断地创新出新型的金融模式，P2P就是其中一种新型金融模式，其发展的迅速直接威胁到商业银行在金融界的主导地位。

电子银行风险管理互联网金融外文文献翻译2013年3000多字E-banking has brought about a new set of risks for financial XXX risks include fraud。

processing errors。

system ns。

and other unforeseen events that can result in the XXX products or services。

It is XXX of the n to the customer and the n。

and to XXX.2.Risk management in e-bankingEffective risk management in e-XXX and analyzing potential risks。

XXX risks。

XXX.3.Security measures in e-bankingns should XXX controls。

n。

firewalls。

XXX systems。

and regular security testing and assessments.4.XXXXXX measures。

XXX passwords。

avoiding phishing scams。

XXX.5.nOverall。

effective risk management is essential for financial XXX。

ns XXX.XXX access accounts。

conduct ns。

and obtain n on financial products and services via public or private orks。

including the。

and mobile phones。

Customers can use us electronic devices。

文献信息：文献标题：Evaluating credit risk and loan performance in online Peer-to-Peer (P2P) lending（点对点(P2P)网络借贷的信用风险与贷款绩效评估）国外作者：Riza Emekter, Yanbin Tu, Benjamas Jirasakuldech, Min Lu 文献出处：《Applied Economics》, 2015, 47(1):54-70字数统计：英文3063单词，15818字符；中文5110汉字外文文献：Evaluating credit risk and loan performance in onlinePeer-to-Peer (P2P) lendingAbstract Online Peer-to-Peer (P2P) lending has emerged recently. This micro loan market could offer certain benefits to both borrowers and lenders. Using data from the Lending Club, which is one of the popular online P2P lending houses, this article explores the P2P loan characteristics, evaluates their credit risk and measures loan performances. We find that credit grade, debt-to-income ratio, FICO score and revolving line utilization play an important role in loan defaults. Loans with lower credit grade and longer duration are associated with high mortality rate. The result is consistent with the Cox Proportional Hazard test which suggests that the hazard rate or the likelihood of the loan default increases with the credit risk of the borrowers. Finally, we find that higher interest rates charged on the highrisk borrowers are not enough to compensate for higher probability of the loan default. The Lending Club must find ways to attract high FICO score and high-income borrowers in order to sustain their businesses.Key words: Peer-to-Peer lending; credit grade; FICO score; default riskI.IntroductionWith the advent of Web 2.0, it has become easy to create online markets and virtual communities with convenient accessibility and strong collaboration.One of the emerging Web 2.0 applications is the online Peer-to-Peer (P2P) lending marketplaces, where both lenders and borrowers can virtually meet for loan transactions. Such marketplaces provide a platform service of introducing borrowers to lenders, which can offer some advantages for both borrowers and lenders. Borrowers can get micro loans directly from lenders, and might pay lower rates than commercial credit alternatives. On the other hand, lenders can earn higher rates of return compared to any other type of lending such as corporate bonds, bank deposits or certificate of deposits. One of the problems in online P2P lending is information asymmetry between the borrower and the lender. That is, the lender does not know the borrower's credibility as well as the borrower does. Such information asymmetry might result in adverse selection (Akerlof, 1970) and moral hazard (Stiglitz and Weiss, 1981). Theoretically, some of these problems can be alleviated by regular monitoring, but this approach poses a challenge in the online environment because the borrowers and the buyers do not physically meet. Fostering and enhancing the lender's trust in the borrower can also be implemented to mitigate adverse selection and moral hazard problems. In the traditional bank-lending markets, banks can use collateral, certified accounts, regular reporting, and even presence of the board of directors to enhance the trust in the borrower. However, such mechanisms are difficult to implement in the online environment which will incur a significant transaction cost.To reduce lending risks associated with information asymmetry, current online P2P lending has the following arrangements. First, the Lending Club screens out any potential high-risk borrowers based on the FICO score. The minimum FICO score to be able to participate is 640. Second, the typical size of the loans produced in this market is small, which is under $35 000 at the Lending Club. Therefore, these loans are essentially microloans which pose a relatively small loss in case of default. Third, the market maker offers matchmaking systems which can be used to generate portfolio recommendations and minimize lending risks. Fourth, if a borrower fails to pay, the market maker will report the case to a credit agency and hire a collectionagency to collect the funds on behalf of the lender. Although there are certain structures imposed in the online P2P that help to minimize the risk, this form of lending is inherently associated with greater amount of risk compared to the traditional lending.The purpose of this article is to evaluate the credit risk of borrowers from one of the largest P2P platforms in the United States provided by the Lending Club, which help lenders to make more informed decisions about the risk and return efficiency of loans based on the borrowers' grade. There are two related research questions this article will address: (1) What are some of the borrowers' characteristics that help determine the default risk? and (2) Is the higher return generated from the riskier borrower large enough to compensate for the incremental risk? Lenders can allocate their investments more efficiently if they know what characteristics of the borrower affect the default risk. Each borrower is classified by credit grade with corresponding borrowing rate assigned by the Lending Club. To make an efficient allocation, a lender should know whether the higher interest rates set for high-risk borrowers are sufficient to compensate the lenders for the higher probabilities of a potential loss.Our findings suggest that borrowers with high FICO score, high credit grade, low revolving line utilization and low debt-to-income ratio are associated with low default risk. This finding is consistent with the studies by Duarte et al. (2012) who report that borrowers with a trustworthy characteristic will have better credit scores but low probability of default. This result also suggests that besides the loan applicants' social ties and friendship as reported by Freedman and Jin (2014) and Lin et al. (2013), the four factors discussed above are also important in explaining the default risk. When comparing with US national borrowers, the results show that the Lending Club should continue to screen out the borrowers with lower FICO score and attract the highest FICO score borrowers in order to significantly reduce the default risk. In relating the risk to the return, it shows that higher interest rate charged for the riskier borrower is not significant enough to justify the higher default probability. Our finding here is consistent with the study by Berkovich (2011) who reports that high quality loans offer excess return.II.Literature ReviewThree main streams of research have emerged in response to the growing popularity of P2P lending. The first stream of research examines the reasons for the emergence of online P2P lending. The second stream of research focuses on determining the factors that explain the funding success and default risk. The last stream of research investigates the performance of online P2P loan for a given level of the risk.Peer group lending has been emerging in local communities and has attracted the research in this area. Conlin (1999) develops a model to explain the existence of peer group micro-lending programmes in the United States and Canada. He finds that peer groups enable fixed costs to be imposed on the entrepreneurs while minimizing the programme's overhead costs. Ashta and Assadi (2008) investigate whether Web 2.0 techniques are integrated to support the advanced social interactions and associations with lower costs for P2P lending. Hulme and Wright (2006) study a case of online P2P lending house, Zopa, in the United Kingdom. They suggest that the emergence of online P2P lending is a direct response to social trends and a demand for new forms of relationship in financial sector under the new information age.There is extant literature that identifies the factors determining the funding success and default risk. Using the Canadian micro-credit data, Gomez and Santor (2003) find that group lending offers lower default rates than conventional individual lending does. Study by Iyer et al. (2009) shows that lenders can evaluate one third of credit risk using both hard and soft data about the borrower. Lin et al. (2013) analyse the role of social connections in evaluating credit risk and discover that strong social networking relationship is an important factor that determines the borrowing success and lower default risk. Lin et al. (2013) further report that applicants' friendship could increase the probability of successful funding, lower interest rates on funded loans, and these borrowers are associated with lower ex post default rates at Prosper. The importance of social ties in determining loans funded is also examined by Freedman and Jin (2014). The result shows that borrowers with social ties are more likely tohave their loans funded and receive lower interest rates. However, they also find evidence of risks to lenders regarding borrower participation in social networks.Several other studies examine whether certain borrowers' characteristics and personal information determine the success of loan funding and default risk. Herzenstein et al. (2008) show that borrowers' financial strength, their listing and publicizing efforts, and demographic attributes affect likelihood of funding success. Study by Duarte et al. (2012) further argues that borrowers who appear more trustworthy have better credit score with higher probabilities of having their loans funded and default less often. Larrimore et al. (2011) demonstrate that borrowers who use extended narratives, concrete descriptions and quantitative words have positive impact on funding success. However, humanizing personal details or loan justifi cations have negative influences on funding success. Qiu et al. (2012) further reveal that in addition to personal information and social capital, other variables, including loan amount, acceptable maximum interest rate and loan period set by borrowers, significantly influence the funding success or failure.Galak et al. (2011) further show that lenders tend to favour individual over group borrowers and borrowers who are socially proximate to themselves. They also find that lenders prefer the borrowers who are more like themselves in terms of gender, occupation and first name initial. More interestingly, Gonzalez and Loureiro (2014) have similar findings: (1) when perceived age represents competence, attractiveness has no effect on loan success; (2) when lenders and borrowers are of the same gender, attractiveness might lead to a loan failure (i.e., the ‘beauty is beastly' effect) and (3) loan success is sensitive to the relative age and attractiveness of lenders and borrowers. Herzenstein et al. (2011) find that herding in the loan auction is positively related to its subsequent performance, that is whether borrowers pay the money back on time.III.DataIn this section, the loan applicants' data is first described, followed by loan distribution based on loan purposes, credit grade and loan status and it ends with thedetailed descriptive statistics of the loan applicants. This study uses 61 451 loan applications in the Lending Club from May 2007 to June 2012 obtained from . Over the study period, the Lending Club lent about $713 million to borrowers. To address the borrowers' behaviour in online P2P lending, we first examine the main reasons for borrowing money from others. Table 1 lists the borrowers' self-claimed reasons summarized in the Lending Club. Almost 70% of loan requested are related to debt consolidation or credit card debts with a total loan amount requested of approximately $387 million and $108 million, respectively. The number of loan applications for education, renewable energy and vacation contribute less than 1% of total loans with the total loan requested ranging from 1 to 3 million. The borrowers state that their preferences to borrow from the Lending Club are lower borrowing rate and inability to borrow enough money from credit cards. The second purpose for borrowing is to pay home mortgage or to re-model home.Table 1. Loan distributions by loan purpose (May 2007–June 2012)Notes: The data is obtained from 61 451 loan applicants in the Lending Club, , from May 2007 to June 2012.The loan-seeking persons are asked to provide the reasons for requesting loans.The Lending Club uses the borrower's FICO credit scores along with other information to assign a loan credit grade ranging from A1 to G5 in descending credit ranks to each loan. The detailed procedure is as follows: after assigning a base score based on FICO ratings, the Lending Club makes some adjustments depending on requested loan amount, number of recent credit inquiries, credit history length, total open credit account, currently open credit accounts and revolving line utilization todetermine the final grade, which in turn determines the interest rate on the loan.Table 2 reports the loan distribution by credit grade. The majority of borrowing requests have grades between A1 and E5. The Highest loan amounts requested are from borrowers with ‘B' credit grade, which contribute 29.56% of total amount of loans requested. The total number of applicants for this ‘B' credit grade group is 18 707, which represents total loans of approximately $210 million. The lowest loan amounts requested are from borrowers with the lowest ‘G' credit grade which accounts for 1.53% of total loans. There are only 608 loan applicants for this lowest credit rating ‘G' group and it represents approximately $11 million in total loan value. According to the Lending Club's policy, a loan credit grade is used to determine the interest rate and the maximum amount of money that a borrower can request. The higher the loan grade, the lower the interest rate. A borrowing request with a low grade renders a higher interest rate as a compensation for a high risk held by lenders. Table 2. Loans distribution by credit grades (May 2007–June 2012)Notes: The Lending Club uses the borrowers’ FICO credit scores along with other information to classify a loan from Grade A1 to G5 in descending credit risk. Therefore, A1 credit grade represents the highest credit quality/low-risk borrowers, whereas G5 credit grade represents the lowest credit quality/ high-risk borrowers. Total amount of loans requested as a percentage of total loan is 19.35% for credit grade group ‘A’, 29.56% for ‘B’, 19.94% for ‘C’, 14.84% for ‘D’, 10.15% for ‘E’, 4.59% for ‘F’ and 1.53% for ‘G’.Finally, Panel A of Table 3 shows the loan status for all the loan requests on 20 July 2012. Overall, the default rate is 4.60% with total losses of approximately $29 million. Another 2.45% of total loan requests which constitute $18.6 million could be potentially lost because the borrowers are late in making payment within 30 days or 120 days and not paying the normal instalments. 17.98% of the loans are fully paid with an approximate value of $108 million. The $557 million loans are in current status account for 74.91% of total loans. Naturally, loans with a lower grade demonstrate a higher default rate. Therefore, study on risk management on P2P lending is relevant for the lenders to optimize their investment portfolios. Panel B of Table 3 reports the loan status for the matured loans. The overall loss rate is much higher for matured loans. Among 4904 matured loans, 914 loans are charged-off, which represent 18.6%. The total loss is $5.5 million which represents 13% of all matured loans amount. Less than 1% of the matured loans are late in terms of making payment with the unpaid balance of approximately $27 000. 80.77% or $33 million of matured loans are fully paid.Table 3. Loan distribution by the loan status (May 2007–June 2012)Table 4 reports the general characteristics and credit history of the online P2P loan applicants from the Lending Club. Based on our sample of 61 451 loanapplicants, the average monthly interest charged on a loan is 12.34%. On average, 471 days passed from the issue date of the loan. The average credit grade of a borrower is 25, which corresponds to credit category between B and C. The average size of a typical loan is $11 604 and the average monthly payment is $351. The borrower in general pays back $4384 a month and has $7873 left to be paid. The average ratio of the remaining balance to total loans is 63%.Examining the borrowers' characteristics, it shows that the mean income of a borrower from the Lending Club is $5796 with the debts to income ratio of 0.1381. On average, a borrower has 9.56 open credit lines and 22 total credit lines, carries $14 315 average revolving credit balance and almost half (51.6%) of his or her credit limit. In the last six months, there is 1 credit inquiry requested by an average borrower. Average FICO score category of a typical borrower is 3.48, which corresponds to a FICO score between 680 and 750.Table 4. Descriptive statistics (May 2007–June 2012)Notes: Credit Grade is the grade assigned by the Lending Club based on the FICOrano credit rating information along with other information. Credit Grade ‘1’ is the loan category of ‘G’ which is the riskiest class of loans. Credit Grade ‘7’ is the loan category of ‘A’ which is the lowest risk borrowers. FICOrano is the credit rating of the borrowers rated by credit card companies. FICO 6 corresponds to borrowers with the FICO score above 780, FICO 5 corresponds to FICO score between 750–779, FICO 4 = 714–749, FICO 3 = 679–713, FICO 2 = 660–678 and FICO 1 = 640–659, respectively.IV.ConclusionsCredit risk is an important concern for the P2P loans. This study employs the data from the Lending Club to evaluate the credit risk of the P2P online loans. We findthat credit score, debt-to-income ratio, FICO score and revolving line utilization play an important role in determining loan default. The credit categorization used by the Lending Club successfully predicts the default probability with one exception of next lowest credit grade ‘F'. In general, higher credit grade loan is associated with lower default risk.The mortality risk also increases with the maturity of the loans. Loans with lower credit grade and longer duration are associated with high mortality rate. The Cox Proportional Hazard Test results show that as the credit risk of the borrowers increases, so does the likelihood of loan being default. However, the higher interest rate currently charged for the riskier borrower is not significant enough to justify the higher default probability. This suggests that the lenders would be better off to lend only to the safest borrowers in the highest grade category of 7 or Grade A. Increasing spreads on riskier borrower may lead to a more severe adverse selection resulting in higher default risk.The Lending Club lenders should either extend credits only to the highest grade borrower or try to find more creative ways to lower the default rate among current borrowers. When comparing with the US national consumers, borrowers with relatively higher income and potentially higher FICO scores do not participate in the P2P market. Creating incentives to attract these types of borrowers would have a significant potential to decrease the default risk in this market.中文译文：点对点（P2P）网络借贷的信用风险与贷款绩效评估摘要近年来点对点（P2P）网络借贷开始兴起。

外文文献翻译原文及译文文献出处：Jensen Fabian. The research of P2P online lending [J] Business Research, 2017, 9(3):31-41.原文The research of P2P network LendingJensen FabianAbstractMicro, small and medium enterprises is facing with financing difficulties，rural poor areas also lack of financial services，which has always been plagued policy makers of the two factors, also seriously restricted the economic development and hinder the two factors in the construction of a fair society. After the positive study of the relevant departments and academia，finally figured out "small loan company" this kind of small financial institutions，in order to the transfusion organization become the rural development and small and medium-sized enterprises (SME).Practice has proved that this kind of form does have some effect on the solution of the problem, but microfinance companies ’丨not deposit-taking’’policy, and become a big obstacle to influence its development. This makes the tighter credit environment，capital requirements of small and medium-sized enterprises and the vulnerable groups are far from satisfied. At the same time, the abnormal social folk capital abundant, high inflation，the stock market is tanking, strictlycontrol the real estate market economy, these funds need find investment breakthrough，and so a new kind of folk lending model，P2P network borrowing appeared.Keywords: P2P lending, Microfinance, Private lending1 IntroductionP2P lending (Peer - to - Peer lending) is an emerging in recent years the personal of personal credit model lending companies through the online platform set both a deaL Commitment to funding "connect”form of folk lending is emerging and increasingly prosperous. Is funding needs, while there is a desire to invest, such companies have to do is by their structures, network platform for the idle private capital looking for matches. And such companies provide essentially is a P2P (Peer to Peer or Person to Person, (individual financial information services for individuals) it is actually a kind of new flow of private capital. Platform itself the role of information intermediary，information disclosure, credit rating，fund settlement, overdue collection services, platform profit mainly comes from the customer to pay fees. In 2005, ZOPA，in London, the first microfinance website to personal online，pulled open the prelude of the P2P lending. After ten years of operation, a total of 750 million pounds of matching network. The platform Prosper2014 years accumulative total turnover of about $2.5 billion.P2Pnetwork, in countries such as Britain and the United States has been aloan in addition to the traditional savings and investment channels of the alternative (Slavin，2007).The success of the European and American practice for P2P network gradually towards the world.P2P lending in this form is in recent years the development of the abnormal rapidly, mainly because the form meets demand from both sides of the capital supply and demand of current economic situation. On the one hand, for money supply，in the face of high inflation and low bank deposits, bank deposit income is very small. At the same time, the stock market in the past two years is bad，real estate and gold investment door abuse is too high, and the current situation of risk is not small. In the face of all these various traditional investment present situation of the market situation is not optimistic, a large number of civilian capital urgently needs to find new breakthrough.P2P lending this form seems to be in order to meet the urgent demand, because this kind of investment model is unfolding the following several aspects: the advantages of high returns, basic around 20% annual return. Door, and the low just registered in relevant websites can become money lenders. High transparency, money lenders can according to the web site provides information about capital demanders object，to choose our willing to lend the money to lend，borrowers will provide regular use of funds, guarantee for capital lendersunderstand the usage and safety.2The origin of the P2P lending and the statusDue to the development of the P2P lending is less than 10 years, so the early literature focuses on introducing the origin and development of the network lending. Ferichs and Schumann (2008) mentioned that in 2005 the first lending site zopa，founded in the UK. Borrowing from a wide variety of network platforms appear in succession.Agarwal and Hauswald (2008) points out that facing the risk of moral hazard and adverse selection under asymmetric information, based on assumptions, such as disposable abandonment and anonymous trading orthodox financial institutions will be in accordance with the new market basic principles to be followed in the classical theory to its lending of small and medium-sized enterprises and farmers to provide collateral or guarantee. So those are unable to provide collateral poor farmers and small and medium-sized enterprises will be excluded from the formal financial institutions, in the end they will have to enter the network to meet the demand of their own money lending market. Slavin (2007) pointed out: the P2P loans in the United States and Britain has developed into a kind of savings and investment alternatives. Berger and Gleisner (2009) referred to in the United States first lending site prosper，com was established in 2006 in February，Germany’s first lending site was established in February 2007, at present, due to the legal system is different in different countries, almost all of the network platform lending operations are limited in the range of their own country. Ashta and Assadi (2009) research has shown that the type of online peer-to-peer lending platform and operation mode has its own features，in general they can be divided into two categories - for-profit and nonprofit platform, platform of for-profit business generally confined to the domestic, and non-profit platform to do business on a global scale. Both lenders is the biggest difference between the original and different requirements for earnings. For-profit platform lenders will risk requires a reasonable return for oneself, and non-profit lenders on the platform of general income does not make the request，they just want to ’’d o n a t e”part of his property，in order to help the poor people of the world.3The model of P2P network lendingPlatform is divided into two categories: basic for-profit and the for-profit (Ashta & Assadi，2009).Here the ’’p r o f i t”refers to the investment platform for investors- Investors profit type platform, hope by lending money to get match the economic benefits of risk. Non-profit platform of investors, the investment behavior is to help others, does not pay attention to taking economic returns. Nowadays the most profit type platforms are within the scope of its business，subject to regulatoryrequirements of the host countries (Berger, 2009)-Non-profit type platform is generally not subject to regional restriction, can operate on a global scale. The typical platform subdivided into three categories: public welfare，pure intermediary type and compound type mediation, after two classes are for-profit platform. The practice platform for the main service object as low-income people is in less developed areas. Simple mediation type platform only play the role of information intermediary, not to interfere in the user transaction. Compound intermediary platform to provide information service but also act as supervisors, joint chasing people, such as rate-setters role.3.1Public welfareKiva，founded in 2005, is an organization in Europe and the wealthy investors offering loans to small businesses in developing countries not for-profit P2P network platform. Basic obtained by raising its operating funds for small borrowers to provide low-interest loans and intermediary service free of charge. Because of the different national legal policy，Kiva f s business need to cooperate with local microfinance institutions (MFI)，through its as a middleman to supervise and repay the loan (Ashta & Assadi，2009).3.2Simple mediation typeProsper in lending transactions only simple information intermediaryrole，through information disclosure and credit ratings provide the basis for both freedom of choice，Prosper after the deal itself is no longer involved in lending transactions. The entire Prosper platform has social security number, personal id number, bank accounts and personal credit scoring more than 520 American citizens can ’’l o a n s.First i t’s borrowing set similar EBay M double blind auction model This approach based on borrowing the preference，and strives to achieve the borrower loan conditions and investors' investment speed the acceptance and balance each other，by dynamic game to get the best interest rates (Chen et al”2014).3.3Composite mediation typeZOPA, as the ancestor of P2P network credit platform, has always been considered one of the most successful P2P network model, most scholars attribute the success to perfect risk control system. First，ZOPA .among cooperation with credit rating Company，it is according to its credit rating to determine the borrower's credit rating, and arrange it into the corresponding segment of the market, for investors to choose from. Second, ZOPA, almost all engage in transactions and related affairs. In addition to providing information to act as watchdogs，check the legality of the borrower loan procedures，completeness，supervise the borrower repayment on time，etc. ZOPA, provides a more real andtransparent financial services，at the same time，effective risk control measures can make the risk lower than traditional financial institutions.4The influence factors of P2P lendingNetwork, as it were, to borrow a thing has attracted the attention of many scholars since its birth, Klafft (2008) study that due to network lending type is a new thing, the lender lack the experience of the anonymous Internet loans, this will increase the risk of lending to network. Rothschild believes in a just grew up in the imperfect market, the researchers only indirectly through study the behavior of the borrower characteristics to obtain information about the development of the network of borrowing. But according to the behavior characteristics of the borrower and the study of the relationship lending to network events are not unified conclusion at present, such as those for borrowers loan application in the attached photos of research conclusions and even on the contrary，some research results such as Andrews (2008)，it is concluded that the race, gender, personal characteristics such as little impact on the success rate of borrowing.Everett (2008) studies have found that if the loan borrowers in the group have acquaintances or merely know, makes the default rate be significantly decreased. Although Davis (2001) points out that the loan team a lack of clear ownership, while no significant characteristics andunified management decision-making mechanism, these decide whether people will join loan group is a random act. But as long as the team was able to set up loan，it can play the role of will be very important. D a t t a’s (2008) is one of the study found that the loan group leader role according to the relevant information to the t e a m’s members within the group of borrowers，and they do so power or is selfless attitude or is in order to get the corresponding reward. From this level, the loan group leaders mainly depends on the action of collecting and processing information to provide Suggestions for group members, through these behaviors, they in fact take on the role of the monitoring process of loan repayment, and in this way it indirectly promote the circulation of money lending website. According to e x p e r t’s research，in addition to loan group have a way to have obvious effect on reducing loan default rates that is to the network of group lending. This approach originated in the social network theory.5ConclusionsAfter the development history of P2P loans, theoretical basis and the development of P2P enterprise situation analysis of the P2P lending, we can find it is a full of potential and worth to continue to develop and put into lending to emerging patterns, especially considering it in solving the small micro enterprise financing difficulties and poor areas have played a huge role，need the government to make active efforts more，measures assoon as possible, in the right support and guide the development of this model.P2P网络借贷研宄Jensen Fabian摘要中小微企业融资难，贫闲地区农村缺乏金融服务，这一直是网扰政策制定者的两个因素，也是严重制约了经济发展、阻碍公平社会建设的两个因素。

本份文档包含：关于该选题的外文文献、文献综述一、外文文献标题: Online brokers lead the way for French internet finance作者: Caffard, Christophe期刊名称: International Financial Law Review卷: 20；期: 3；页: 20-24Online brokers lead the way for French internet finance1 Regulated brokersRegulated brokers are legal entities which have an investment services licence and are subject to the prudential regulations of the Comite de Reglementation Bancaire et Financiere (CRBF) and the Conseil des Marches Financiers (CMF).* Choice of legal form: regulated brokers are not required to be incorporated in a specific legal form; however, under article 13 of the MAF Law, the CECEI checks whether the legal form of the brokerage company is appropriate for providing investment services. In practice, any type of commercial company is admitted: societes de capitaux (limited companies) or societes de personnes (partnerships). The formalities of share transfer, tax and the scope of liability of a company's management will be relevant factors to the choice of legal form.* Application for an investment services licence from the CECEI: the most important part of the application is the description of the investment services, and a business plan including prospective financial statements for the following three years. The CMF will check whether the business plan is consistent with the investment services licence requested by the broker. The CECEI will ensure that the applicant's own initial funds are consistent with the business plan.The scope of the investment services licence is variable and covers one or more ofthe following investment services:Reception and transmission of orders to another investment services provider on behalf of investors, for execution. This is the core investment service provided by thebrokerage companies and, as such, a licence to provide this service is the minimum required for a brokerage company. Brokerage companies may request an investment services licence limited to the reception and transmission of orders. In this case, there will need to be a tripartite agreement between the investor, the broker and an investment services provider authorized to execute the orders of the investor. These single-- licensed brokerage companies are mere intermediaries remunerated by a commission paid by the investors. They are not entitled to benefit from the European passport under the ISD.Execution of such order other than for own account. This is defined as the execution of orders on behalf of a customer under the provision of an agency or a brokerage agreement. The brokerage company authorized to execute orders received from the investors offers a larger range of services with more potential. The broker with an investment services licence covering the execution of orders will be in charge of executing the final orders on the regulated markets, provided it is has been authorized as a market member. Unauthorized brokerage companies transmit the orders they have received to authorized market members. Authorized brokerage companies may offer investors a quasi-immediate execution of orders on the markets.Placing. This is the search for subscribers or purchasers on behalf of the issuer or seller of financial instruments. According to the CMF, in the case of a public offer of listed financial instruments placed by a market firm (for example on the Paris Stock Exchange or Nouveau March&), an online broker, which sells financial instruments online, is deemed to be providing his client with a reception-transmission of orders service and not a placing service. A placing service requires the broker to comply with capital adequacy ratios whenever it is associated with an underwriting commitment.Account-keeping, custody and clearing. These are not considered to be investment services, but assimilated services restricted to credit institutions or investment firms, and are subject to the CMF's General Regulations.CRBF regulators. CBF regulations subject brokerage companies to the following requirements: the minimum issued and paid-up share capital depends on the nature and number of investment services carried out; brokerage companies who offeraccount-keeping, custody and reception, transmission and execution of orders must have a minimum paid-up share capital of Ffrl million (about $160,000). This is reduced to Ffr350,000 when the brokerage company is not involved in account-keeping or custody services;* the minimum shareholder funds must be equal to the higher of- 25% of the overheads of the previous year, or overheads forecast in the business plan; and- the aggregate client positions divided by 150;* internal compliance procedures must be established; and* the brokerage company must comply with certain ratios relating to solvency and large exposure.Regulated brokers are also subject to the CMF's rules on the appointment of a compliance officer, information and advice for clients, mandatory clauses to be inserted in clients' agreements, professional cards required from certain employees and reporting requirements to the CMF.2 Non-regulated brokersNon-regulated brokers are sole agents appointed by an investment firm authorized by the CECEI, or an appropriate authority of an EU member state. Sole agents are nonregulated entities and are neither subject to the minimum capital and shareholder funds requirements nor to the CMF/CRBF regulations.Sole agents enter into investment services agreements with clients on behalf and in the name of their principal, who must be a regulated investment services provider. These agreements are binding on who is, as a general rule, solely liable visa-vis clients and the supervisory authorities (the CMF and/or the Bank of France). In this respect, the incorporation and activities of a sole agent brokerage is simpler, safer and cheaper than for regulated brokers. However, sole agents are fully dependent on the principal since they are not authorized to be appointed by more than one investment firm and if, for any reason, the mandate is cancelled or terminated, sole agents must stop any brokerage activity, unless they get a new mandate or are granted an investment service licence by the CECEI. Sole agents do not benefit from theEuropean passport under the ISD, as they are not considered to be investment firms. It is important to note that the sole agent does not own the brokerage business, since clients simply have a contractual relationship. This is why sole agent status is generally more suitable when the principal and agent are companies within the same group or with long-term common interests.French branches of EU investment service providersThe licence for an EU investment service provider allows it to set up branches in France, subject to authorization from the authorities of its home state.This procedure is much simpler and quicker than an application for an investment services licence with the CECEI. The other advantages of operating in France in this way are that a branch is not required to show an endowment capital in France, and that prudential ratios of the home state apply to the French branch.As a general rule under the ISD, the home state authorities retain jurisdiction over the branch in the home state, with the exception of the public policy rules, which will apply to the branches. In France, the regulation referred to below is considered to be a public policy rule with which French branches operating online brokerage services in France must comply.Regulations applicable to brokerage servicesThe offer of brokerage services and the provision of brokerage services are regulated by reference to the nature of the financial instruments offered online.The offer of brokerage servicesAdvertising / marketingThe advertising of financial instruments is heavily regulated when advertisements are included in a public offering process. In this case the advertisement is in the form of a prospectus, which must comply with COB regulations, which provide detailed requirements regarding the form and content of the prospectus. As a general rule, any other form of advertising in a public offering process must refer to the prospectus approved by the COB.* The marketing in France of financial instruments listed on a foreign market must comply with COB regulation no. 99-04. This provides that, before anytransaction, the broker must send his clients an information memorandum presenting the foreign market and the financial instruments dealt on that market. This may be sent to clients via the internet.Any advertising of operations on the foreign market must include certain mandatory information, including the identification of the legal entity which is soliciting French clients.As a general rule, the advertising of collective investment schemes is subject to regulation by the COB, which ensures that any advertisement is consistent with the notice d'information and with regulations applicable to collective investment schemes generally. SICA Vs and FCPs subject to COB regulation no. 89-02 may not be marketed until the management company has been notified of the COB's approval.However, any direct or indirect solicitation to invest in collective investment schemes subject to the simplified COB approval procedure (less formal because the scheme only targets professional investors), must contain a disclaimer informing investors that any subscription or transfer of shares or units, is restricted to qualified investors or investors whose initial investment is at least euro500,000 ($457,000) or (depending on the scheme) euro,30,000. The disclaimer must also mention that these collective investment schemes are not approved by the COB and adhere to specific investment rules.* The COB has issued guidelines no. 99-02 relating to the marketing and sale via the internet of i) collective investment scheme units or shares; and ii) discretionary mandates. These guidelines are not binding. Its purpose is to clarify certain aspects of the COB regulations which apply to collective investment schemes (management company and depositary) and to any information on financial instruments disclosed during a public offering. The COB is preparing new guidelines relating to financial advice and information disseminated via the internet.* COB regulations and recommendations are applicable to online brokers whenever financial instruments (listed or otherwise) are offered to the public.* Under the CMF's regulations, regulated brokers are bound to inform and advise their clients after having assessed their financial knowledge.* In any event, there is a prohibition on advertising units of investment funds which invest in futures markets (Article 23 of the law of 23/12/1988), or to market non-OECD financial instruments in France without the prior consent of the French Ministry of Economy.3 Canvassing lawUnder the law of 1972 relating to financial canvassing, canvassing consists of contacting potential clients by way of visits, letters, circulars and telephone calls to: i) induce them to subscribe, purchase, exchange or sell securities or participate in such operations; and ii) offer services and advice on a regular basis.The law of 1972 is not adapted to the internet and legislative reform in this field is awaited. The CMF, the COB and the CECEI consider that offers to provide e-banking and e-brokerage services would be treated in the same manner as offers of services or advice by way of letters, circulars or telephone calls.It is difficult to determine which information systems or practices will qualify as financial canvassing (and therefore regulated) or merely as financial advertising (and therefore permitted); the CECEI and the COB have not yet given any clear guidance on this question.According to a discussion and research paper on internet risk released by the Commission Bancaire (the supervisory arm of the Bank of France) in July 2000, advertising messages, including a link to the seller's site (in the case of banks) displayed on general purpose websites, or posting information, advice or offers on sites or news groups in the client's country, would be viewed as financial advertising and would not constitute financial canvassing.The Bank of France takes the view that in these examples there is no active solicitation of clients since they access the financial advertisements deliberately and of their own accord, as if visiting the premises of a bank.In contrast with these passive marketing techniques, sending messages to email addresses would be equated with sending letters and as such would qualify as canvassing, according to the Bank of France.In any case, before soliciting French customers, the brokerage company mustnotify the Bank of France (CECEI) of its intention to solicit such customers; and employees of the brokerage company must be granted a specific solicitation card by the French authorities. Any breach of this rule would constitute a criminal offence.4 Public offering regulationsPublic offering regulations are applicable whenever financial instruments are issued or transferred to the public in France, using advertising, canvassing, credit institutions or investment service providers. Public offerings are heavily regulated and are subject to a number of requirements, including prior approval by COB of a prospectus, filing with the Commercial Registry of the French translation of the issuer's constitutional documents, publication of a legal notice in the BALO and continuing information obligations.The public offering regulations apply to offers of both listed and unlisted financial instruments. In this respect, online brokers offering listed shares to the public are subject to public offering regulations and in particular COB Regulation no. 99-08, under which the online broker must comply with the following disclosure and advertising rules:* the preparation of a simplified prospectus which must be approved by the COB and made freely available to the public; and * any advertisement must refer to the simplified prospectus and specify how to obtain a copy.A private placement (as opposed to a public offering) is defined as the issue or transfer of financial instruments to qualified investors or to a restricted circle of investors.In order to ensure a private placement via the internet, it is necessary to restrict electronic access to the broker's website by passwords granted solely to qualified investors. It is also mandatory under COB Regulation No. 99-09 that a private placement disclaimer be displayed on the webpages of the broker's website. The disclaimer must mention that:* offering materials (advertisements, information memoranda, etc) have not been submitted to the COB for its approval;* qualified investors must participate in the private placement for their ownaccount;* any offer to the public of the financial instruments subscribed or purchased by the qualified investors in the private placement would be subject to public offering regulations; and* if the investors are members of a restricted circle of more than 100, they must certify that they are associated with the management of the issuer on a professional or a personal basis. The provision of online brokerage servicesRules of conduct applicable to online brokers Regulated brokers and principals of non-regulated brokers are investment service providers and are subject to the rules of conduct set out in its General Regulation. The CMF has issued General Decision no. 99-07 providing regulations and guidelines. It implements the CMF rules of conduct.As a general rule, the message must clearly identify the issuer of a message offering the service of reception or transmission of orders. In particular, the website must display the legal status of the broker and the investment service it is authorized to provide. Regulated brokers and non-regulated brokers must be clearly distinguished, and the latter must disclose the identity of their investment service provider whom they are asking as agent.If the online broker is not in charge of account-keeping and custody services, whoever is must be clearly identified. Before entering into a contract with any new client, theonline broker must verify the client's identity and domicile by requesting the following documents:a photocopy of a valid official identity document (passport, identity card, driving licence);* bank details; and* written evidence of address.The broker must send confirmation that he has received these documents and, in doing so, check the client's address. These formalities and verifications may not be carried out via the internet.Once the identity and domicile ofthe new client have been checked, the onlinebroker can provide investment services to his client where:* the client has signed an agreement relating to the evidential rules and procedures applicable to the reception of orders via the internet;* the funds or financial instruments have been credited to the client's account. This does not apply to the broker if it is not the account keeper or the custodian;* the broker has checked that its client may receive the information on the relevant financial instruments and risks via the internet; and* the broker must ensure that the client receives in advance more detailed information regarding operations involving financial instruments which do not correspond to the client's regular dealings.In cases where the broker is responsible for account-- keeping, it should operate an automated system monitoring the accounts of the client and freezing any order in the event of insufficient provision or margin cover.The CMF also recommends that this automated system should freeze any order sent by the client which does not comply with market regulations.Compliance with these rules of conduct raises problems when the broker's website is outsourced to a third party, which happens frequently. The authorities are concerned that brokers may lose control over the operation of their websites and would be unable to take any operational responsibility, while remaining liable. This is why the Commission Bancaire is considering imposing an obligation on investment firms and credit institutions providing online financial services, to monitor their outside internet service providers and/or software companies.5 Regulation of contracts entered Into by online brokersContracts with clients These are subject to the CMF regulations, and in particular to CMF General Decision no. 98-28 relating to the mandatory clauses which must be included in agreements entered into with clients. It came into force in June 2000 and any existing contract is required to be duly amended.The agreements must contain a clause setting out the identity of the client and its legal capacity. In particular, qualified investors must be identified among other legal entities as well as the investment services provided. The categories of financialinstruments and financial services must also be stated in the agreement. This is important since it is taken into account when determining whether the broker has properly assessed the skills of his client. In this respect, it is recommended that high-risk speculative and/or complex operations, such as operations on futures markets, be restricted to informed clients or to qualified investors.In practice, the online broker asks new clients to answer a questionnaire which acts as proof that the broker has fulfilled its obligations to assess the skills ofits client.The agreement must contain a confidentiality clause which is binding. In this respect, it is useful for the online broker to provide exceptions to this obligation so that information on clients can be centralized within a member ofthe same group of companies, or accessed by an outside software company.Contracts with other investment services providersThe number of contracts entered into by brokers with other investment service providers depends on the scope of its licence. Non-regulated brokers must enter into an exclusive mandate with a licensed investment service provider.Regulated brokers which are not market members or not licensed for the execution of orders must conclude a transmission of orders agreement with market members or other investment service providers.These contracts are not subject to the CMF General Decision no. 98-28 or to other specific regulations, with the exception of.* clearing agreements;* when a client gives a broker with whom he has an account an order for transmission to another non-resident institution with comparable status, the broker is forbidden from being remunerated in the form of hard commission (a commission rebate) by the institution to which the order has been transmitted; and* a non account-keeping broker receiving orders from a client for transmission to another institution may be remunerated in the form of a hard commission, provided that the broker informs the client when entering into contractual relations (and thereafter annually) of the terms and conditions and amount of the hard commission.Contracts entered into with software companiesThese contracts might at first appear to have regulatory implications. However, recent financial regulations applicable to e-- brokerage now have a direct bearing on implications for IT agreements.In practice, brokers must ensure that the operation of the website and the reception and transmission of software orders complies with the CMF General Decision and any other applicable regulations applicable. The upgrade clause of the IT agreement entered into with the software company should address the question of the software being upgraded in the event of changes to applicable regulations.It is also recommended that any outsourcing agreement contains a clause which sets out how the online broker monitors the operation of the outsourced website.二、文献综述互联网金融发展文献综述摘要互联网金融的快速发展成为近年来中国经济金融领域备受瞩目的重要现象，国内学术界讨论互联网金融的文献数量也急速膨胀，但目前尚缺少对与互联网金融相关的各类文献进行全面梳理的综述类论文。