Technology is synonymous with the modern bank. From the algorithms used in proprietary trading strategies to the mobile applications customers use to deposit checks and pay bills, it supports and enhances every move banks and their customers make. While banks have greatly benefited from the software and systems that power their work, they have also become more susceptible to the concomitant risks. Many banks now find that these technologies are involved in more than half of their critical operational risks, which typically include the disruption of critical processes outsourced to vendors, breaches of sensitive customer or employee data, and coordinated denial-of-service attacks.

Exposure to these IT risks has grown in lockstep with the rapid increase in digital services provided directly to customers. Cybersecurity alone can account for 10 percent of total information-technology spending, which is now growing at three times the rate of the budget of the technology being secured. (See Michael Bloch, Sven Blumberg, and Jürgen Laartz, “Delivering large-scale IT projects on time, on budget, and on value,” October 2012.) For example, mobile transactions have expanded exponentially, presenting malicious external actors with billions of new entry points into bank systems.

The complexity and growing vulnerability of the underlying IT systems are of equal concern. Big banks must manage hundreds or even thousands of applications. Many are outdated, having failed to keep pace with the radically changed processes they are supposed to support. Even banks that have successfully upgraded their infrastructure face upgrade-related risks, from project and data management to security problems that persist after the migration is complete.

When technology risks materialize, the financial, regulatory, and reputational implications can be severe. If banks lose customer data in a high-profile incident, they face legal liabilities and fleeing customers. Investors sell shares in the wake of cyberattacks, around 10 percent of which result in a more than 5 percent dip in the stock prices of the companies affected. (See Alison Smith, “Share prices are rarely hit hard by cyberattacks,” Financial Times, October 31, 2013, ft.com.) Regulators penalize firms for noncompliance, from data breach–related fines to mandated remediation activities. Basel II could not be clearer on the topic: one of its seven level-one operational-risk categories is “business disruption and systems failure.”

To manage these risks, many banks simply deploy their considerable IT expertise on patching holes, maintaining systems, and meeting regulations. Some have set up specialized teams to cope with particularly acute problems, such as cybersecurity. But these half-measures are unlikely to afford sufficient protection. An IT-oriented approach, furthermore, may be unable to account for wider business implications and operational interdependencies. Institutions focused on compliance could ignore vulnerabilities outside the purview of the regulator and overlook applications critical to the business, with implications for business risk down the road.

The adequate mitigation of technology risk requires a coordinated effort that goes beyond IT-centered remedies. Leading banks are creating specialized teams within the enterprise-risk-management group to manage technology risk, in all its manifestations, across the organization. In this article, we will outline the six principles that these teams use to stay well connected and integrated with the rest of the bank, to develop the skills needed for these complex jobs, and to drive transformation and remediation activities. We conclude with some suggestions for getting these teams off to a good start. These principles are not a step-by-step manual but rather guidance for creating best-practice technology-risk management. By adhering to them, bank leaders will be able to remain in control of the rising levels of risk associated with the digital age.

Adopt a business-first approach

Companies can develop a complete picture of their information needs, uses, and risks only through a dialogue between IT and the business to identify the most critical business processes and information assets. Proprietary trading algorithms stored on laptops, credit transaction data shared with third parties, and employee-health information may all qualify. The strongest controls can then be applied to the most valuable IT systems and data, the bank’s “crown jewels.”