Understanding Risk Management and Compliance, What Is Different After Monday, December 22, 2014
Book Details
Author(s)George Lekatis
ISBN / ASINB00R8MSRG2
ISBN-13978B00R8MSRG8
Sales Rank2,141,230
MarketplaceUnited States 🇺🇸
Description
We have some really large IT-driven transformation projects in the European Union, and some major challenges faced by the IT departments of financial institutions.
Today we can start with a really interesting speech, from a person that is familiar with the problems and difficulties associated with a bank's IT infrastructure.
The keynote speech by Dr Joachim Nagel, Member of the Executive Board of the Deutsche Bundesbank, is really great. He said:
“On the one hand, the yardstick by which a bank's chief information officer (CIO) is measured is the way in which he or she supports the institution's core business areas by delivering high-quality IT services and products, which should ideally be standardised and streamlined.
IT security is coming increasingly into play here.
On the other hand, he or she is also expected to demonstrate a high level of agility and innovative ability in the face of stiffer competition, including from enterprises outside the traditional banking sector.â€
“Big data, "datability", social media and cloud computing undoubtedly all open up additional major opportunities for banks.
Yet at the same time they pose new challenges, especially with respect to IT security.â€
“Reports in the press recently made frequent mention of a "wave of regulation" inundating the banks' IT.
There was even talk of "excessive regulation" or a "regulatory tsunami".
With all sympathy for the great challenges that the banks are facing, we should not forget why these demands arose.
They were due to sometimes glaring errors in developments and to a lack of meaningful possibilities of analysing the data that existed at the banks - both before the crisis and to this very day.
What we have observed from inspections at the banks is that IT at most banks is suffering from data not being collected and maintained in accordance with uniform standards and that there are only limited automated facilities for analysing these data and thus utilising them for a forward-looking risk management.
Risk silos exist.
The outcome of this is that the management often finds itself in a situation where decisions have to be made with insufficient knowledge of the facts.
This chiefly concerns banks with an international focus, which admittedly find it difficult to coordinate IT spread over a large number of locations.
More than for others, however, it is absolutely essential for them to do so in order to hold their own in a volatile economic environment.
The whole thing is not just a problem for German banks; according to a study by the Basel Committee, it concerns more or less all international banks.
It goes without saying that no "data graveyards" should be created.
I think that, together with the financial institutions, we will strike a healthy and, above all, viable balance in the future as well.
Furthermore, many of the regulations have not been newly invented; they are already national banking supervision reality.
In Germany, for example, the implementation of section 25 of the Banking Act (Kreditwesengesetz, KWG) and the Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement, MaRisk) means that many of the mentioned requirements are already common practice among supervisors.
Warren Buffett is quoted as saying "Someone is sitting in the shade today because someone planted a tree a long time ago."
As I see it, the IT departments that have consistently and promptly implemented the requirements of earlier inspection practice are well equipped for the future demands of IT.â€
“Another new aspect is that large institutions' reports of large exposures exceeding €300 million could contain up to 200 MB of data per submission.â€
“Data structures based on defined, uniform procedures allow information to be transmitted in a more efficient manner that is less prone to errors, and subsequently processed and evaluated.
Today we can start with a really interesting speech, from a person that is familiar with the problems and difficulties associated with a bank's IT infrastructure.
The keynote speech by Dr Joachim Nagel, Member of the Executive Board of the Deutsche Bundesbank, is really great. He said:
“On the one hand, the yardstick by which a bank's chief information officer (CIO) is measured is the way in which he or she supports the institution's core business areas by delivering high-quality IT services and products, which should ideally be standardised and streamlined.
IT security is coming increasingly into play here.
On the other hand, he or she is also expected to demonstrate a high level of agility and innovative ability in the face of stiffer competition, including from enterprises outside the traditional banking sector.â€
“Big data, "datability", social media and cloud computing undoubtedly all open up additional major opportunities for banks.
Yet at the same time they pose new challenges, especially with respect to IT security.â€
“Reports in the press recently made frequent mention of a "wave of regulation" inundating the banks' IT.
There was even talk of "excessive regulation" or a "regulatory tsunami".
With all sympathy for the great challenges that the banks are facing, we should not forget why these demands arose.
They were due to sometimes glaring errors in developments and to a lack of meaningful possibilities of analysing the data that existed at the banks - both before the crisis and to this very day.
What we have observed from inspections at the banks is that IT at most banks is suffering from data not being collected and maintained in accordance with uniform standards and that there are only limited automated facilities for analysing these data and thus utilising them for a forward-looking risk management.
Risk silos exist.
The outcome of this is that the management often finds itself in a situation where decisions have to be made with insufficient knowledge of the facts.
This chiefly concerns banks with an international focus, which admittedly find it difficult to coordinate IT spread over a large number of locations.
More than for others, however, it is absolutely essential for them to do so in order to hold their own in a volatile economic environment.
The whole thing is not just a problem for German banks; according to a study by the Basel Committee, it concerns more or less all international banks.
It goes without saying that no "data graveyards" should be created.
I think that, together with the financial institutions, we will strike a healthy and, above all, viable balance in the future as well.
Furthermore, many of the regulations have not been newly invented; they are already national banking supervision reality.
In Germany, for example, the implementation of section 25 of the Banking Act (Kreditwesengesetz, KWG) and the Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement, MaRisk) means that many of the mentioned requirements are already common practice among supervisors.
Warren Buffett is quoted as saying "Someone is sitting in the shade today because someone planted a tree a long time ago."
As I see it, the IT departments that have consistently and promptly implemented the requirements of earlier inspection practice are well equipped for the future demands of IT.â€
“Another new aspect is that large institutions' reports of large exposures exceeding €300 million could contain up to 200 MB of data per submission.â€
“Data structures based on defined, uniform procedures allow information to be transmitted in a more efficient manner that is less prone to errors, and subsequently processed and evaluated.
More Books by George Lekatis
