Governance, Risk & Compliance
Dr Neil Dodgson, Director Risk and Compliance Solutions, EMEA Financial Services



Presentation Transcript



Governance, Risk & Compliance

An Integrated Framework

People, Processes & Platform

Dr Neil Dodgson

Director Risk and Compliance Solutions

EMEA Financial Services



Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remain at the sole discretion of Oracle.



Why Bother?



Governance, Risk, and Compliance (GRC) At-a-Glance

Governance

  • Set and evaluate performance against objectives

  • Authorize business strategy & model to achieve objectives

Culture

  • Establish an organizational climate and individual mindset that promotes trust, integrity, and accountability


Risk Management

  • Identify, assess, and address potential obstacles to achieving objectives

  • Identify / address violation of mandated and voluntary boundaries

Compliance

  • Encourage / require compliance with established policies and boundaries

  • Detect non-compliance and respond accordingly

Source: Open Compliance and Ethics Group


Good GRC is Good Business: Reputational & Strategic Risk Executives Seek Returns from GRC Investment

[Chart: share-price performance of companies complying with SOX rules, comparing companies that reported a control weakness in 2004-05, companies with no control weaknesses in 2004-05, and companies with a control weakness in 2004 but none in 2005; values shown: 28%, 26%, 6%. Source: Lord & Benoit, 2006]

[Chart: price of a control deficiency for a $1 billion company: $10 million in higher cost of equity capital. Source: University of Wisconsin, 2006]

[Chart: savings on legal liability avoidance from GRC investment; values shown: cost of GRC $1, savings on lower legal liability $5. Source: General Counsel Roundtable, 2006]

[Chart: opportunity cost of siloed GRC: spending on compliance versus resources for innovation as the number of GRC projects grows, ad hoc approach versus platform approach]


What Are the GRC Management Challenges? Enterprise-Wide Responsibility

Roles shown: CIO, Chief Compliance Officer (CCO), Chief Risk Officer (CRO), CFO / VP of Finance, CEO

  • Increasing efficiency & consistency of compliance processes

  • Reducing fees & regulatory actions by reducing compliance violations

  • Planning and oversight of compliance management resources

  • Identifying and implementing optimal detective & preventive controls

  • Reducing the total cost of GRC

  • Timely notification of control issues, material weaknesses and violations

  • Accurate & comprehensive information on financial results, compliance and audit

  • Balancing the range of enterprise risks

  • Evaluating business requirements and technical risk capabilities

  • Reducing organizational cost of risk exposure and cost of mitigation or acceptance

  • Ensuring auditable, secure information

  • Automating GRC information management

  • Eliminating multiple internal GRC solutions

  • Implementing IT platform for GRC standardization, simplification & security



Risk & Compliance Officers

What Keeps You Awake at Night?

DATA

Prison


GRC Requirements and Complexity Increase Across the Map

[Diagram: a world map overlaid with regions, regulations, GRC domains, business functions and infrastructure. Recoverable labels:]

  • Regions: U.S., Germany, Japan, U.K., France, China, Canada, India

  • Regulations: EU Directives, HIPAA, SOX, JSOX, FDA, Basel II, GLBA

  • GRC domains: IT Governance, Strategic Alignment, Records Retention, Credit Risk Mgmt, Workforce Governance, Financial Reporting Compliance, Audit Management, Operational Risk Mgmt, Data Privacy, Service Level Compliance, Market Risk Mgmt, Supply Chain Traceability, Legal Discovery

  • Business functions and parties: Engineering, Sales & Mktg, Purchasing, Service, Finance, Manufacturing, Suppliers, Customers

  • Infrastructure: Apps Server, Data Warehouse, Enterprise Applications, Database, Mainframes, Mobile Devices



Traditional Approach????



Integrated Risk & Compliance Framework

  • Capital Management / Basel II / Solvency II / BI: Dashboards, Economic Capital, RAPM

  • Risk Management: Market, Credit, Operational, ALM, Loss

  • HR: Learning Management

  • Internal Controls & SOX: Actions, RCSA, Process Mapping, KRI / KCI, Documentation

  • Monitoring & Compliance: KYC/CDD, AML, Fraud, MiFID

  • Financial Control & Reporting: Core Financials, Budgeting & Planning, BI

  • Enterprise Content Management: Records Management, Legal Discovery, Change Management

  • COBIT: Security, Identity & Data Management: Encryption, Audit, Segregation of Duties, Identity Mgmt, Data Warehousing, Master Data

  • BPEL Workflow Management



Governance, Risk & Compliance

People

Know Your Employee


Foster a Culture of Ethics and Excellence with Workforce Governance

Self-Paced Employee Learning

Ensure employees understand regulations and policies in the most time- and cost-effective manner

Prove employee acknowledgment of accountability

Trust single source of authoritative information for policy and procedure reference

Central Policy & Procedure Portal



Governance, Risk & Compliance

Processes


A Holistic GRC Framework for:

SOX requires Identification of Risks and the management of Controls through Assessments

RCSA - Operational Risk requires the Identification of Risks and the management of Controls through Self Assessments

MiFID and RegNMS require Client Suitability and Transaction Surveillance

AML requires KYC and Transaction Surveillance

Fraud Detection requires both Transaction Monitoring and Risk & Control Self Assessment

A common process understanding for Compliance and Operational Risk would be a first step to GRC convergence



GRC framework: Converging Requirements

GRC Framework


Recent Incidents and Possible Lessons Learned

Identifies the need for an independent Compliance monitoring system that can detect suspicious or irregular activity among all trades and orders in the organization.

Identifies danger of using in-house systems for Compliance monitoring

Identifies lack of adequate Surveillance and Behaviour Pattern Detection.

Good Risk management DOES NOT Equal Good COMPLIANCE

Identifies an ongoing need for Operational Risk to be more closely monitored and enforced within the financial organizations.

Near-Real-Time alert generation of potentially fraudulent behaviours, irregular behaviours, excessively large positions, and other suspicious patterns

A holistic view across all areas is required to provide transparency across multiple asset classes and jurisdictions to avoid hidden P&L

Integrated GRC systems


The Police: Behaviour Detection Platform Overview

Reports & Analytical Tools

Compliance Monitoring

CONFLICTS OF INTEREST

BEST EXECUTION

TRADE TRANSPARENCY

Case Mgmt

Alert Management

Data Model & Behavior Detection

Data Ingestion


One Implementation Solves Many Problems

[Diagram: integrated behavior detection solution. Recoverable labels:]

  • Scenarios: Abusive Squeezes, Price Improvement, Insider Trading, Painting the Tape, Jrnls Btwn Unrel., High Risk Instructions, Parking, Wash Trades, Rapid Mvt, Possible CTR, Hidden Networks, Structuring, High Risk Geo, Trading Ahead, Sanctions List, Change In Behaviour, ATM Fraud, Network of Acco (the slide also shows a "300+" count)

  • Enterprise Surveillance: Fraud and Identity Theft, Trading Compl., AML, OpRisk Key Indicators, Broker Surveillance, Customer Cross Sales, Investment Manager Surveillance, Best Ex, Cust Suitabi.

  • Behavior Detection Platform: Financial Services Data Model (FSDM), Scenario Development Toolkit, Behavior Detection Engines, Workflow Manager, Data Ingestion

  • Lines of business: Global Retail Banking, Corresp. Banking, Global Private Banking, Global Fixed Income, Global Capital Markets, MBS, Retail Brokerage, Asset Mgmt, Global Instl. Brokerage, Global Liquidity, Global Wholesale

Integrated behavior detection solution
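The near-real-time alert generation described under "Recent Incidents" and the scenario catalogue above (wash trades, excessively large positions) both come down to scenario rules run over ingested transactions. The following is an added example written for this page, not the vendor's platform code: it applies two hypothetical rules to constructed sample trades, and the record format, position limit and time window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample trades (not from the slides): one record per execution.
TRADES = [
    {"id": 1, "ts": "2024-03-01T09:00:00", "account": "A1", "instr": "XYZ", "side": "BUY",  "qty": 400},
    {"id": 2, "ts": "2024-03-01T09:00:20", "account": "A1", "instr": "XYZ", "side": "SELL", "qty": 400},
    {"id": 3, "ts": "2024-03-01T09:05:00", "account": "B2", "instr": "XYZ", "side": "BUY",  "qty": 900},
    {"id": 4, "ts": "2024-03-01T10:00:00", "account": "B2", "instr": "XYZ", "side": "BUY",  "qty": 700},
    {"id": 5, "ts": "2024-03-01T10:30:00", "account": "C3", "instr": "ABC", "side": "SELL", "qty": 50},
]
POSITION_LIMIT = 1000              # hypothetical net position limit per account and instrument
WASH_WINDOW = timedelta(minutes=1)  # hypothetical window for an offsetting round trip

def _ts(text):
    return datetime.fromisoformat(text)

def detect_large_positions(trades, limit=POSITION_LIMIT):
    """Scenario 1: net position per (account, instrument) exceeds the limit.
    Trades are replayed in time order so the alert names the trade that breached."""
    net = defaultdict(int)
    alerts = []
    for t in sorted(trades, key=lambda t: t["ts"]):
        key = (t["account"], t["instr"])
        net[key] += t["qty"] if t["side"] == "BUY" else -t["qty"]
        if abs(net[key]) > limit:
            alerts.append(("LARGE_POSITION", t["account"], t["instr"], net[key], t["id"]))
    return alerts

def detect_wash_trades(trades, window=WASH_WINDOW):
    """Scenario 2: the same account buys and sells the same instrument in the same
    quantity within the window, i.e. a round trip with no change of ownership."""
    alerts = []
    by_key = defaultdict(list)
    for t in trades:
        by_key[(t["account"], t["instr"], t["qty"])].append(t)
    for group in by_key.values():
        group.sort(key=lambda t: t["ts"])
        for i, a in enumerate(group):
            for b in group[i + 1:]:
                if _ts(b["ts"]) - _ts(a["ts"]) > window:
                    break  # later trades in this group are further away still
                if a["side"] != b["side"]:
                    alerts.append(("WASH_TRADE", a["account"], a["instr"], a["id"], b["id"]))
    return alerts

def run_scenarios(trades):
    """Run every scenario and return the combined alert list for case management."""
    return detect_large_positions(trades) + detect_wash_trades(trades)
```

Each alert tuple names the scenario, the account and instrument, and the trade ids involved, which is what an alert-management or case-management layer needs to route it.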


Enterprise Risk, Compliance & Performance Management

[Diagram: Databases, Data Warehouse, Profitability / Risk Engine, Analytics Server, BI Dashboards]

Managing Risk, Performance & Profitability Across the Enterprise: Compliance, Performance, Risk Management, Profitability

  • Multi Dimensional Profitability

  • Customer Profitability Available to Front Office

  • Product and Branch Profitability

  • Activity Based Costing

  • Transfer Pricing

  • Planning & Budgeting

  • Performance Scorecards

  • Operational Cost Analysis

  • Risk Adjusted Performance Mgmt

  • Risk Assessment/Quantification

  • Credit, Market & Operational Risk

  • Complete & Transparent Audit Trail

  • Asset/Liability Mgmt

  • Regulatory Compliance

  • Basel II

  • SOX

  • Anti-Money Laundering

  • Regulatory Reporting

  • Internal Controls Manager



COMPANY OVERVIEW

  • Fifth largest bank holding company in the US, based on assets under mgmt

  • Third-largest U.S. full-service brokerage firm, based on client assets under mgmt

  • $700 million in managed assets

  • 110,000 employees

CUSTOMER PERSPECTIVE

"We have been extremely impressed with the ability to bring data together from disparate sources and make it easy to access and leverage across the organization."

Brian Collins, Technical Sponsor

CHALLENGES / OPPORTUNITIES

  • Lack of a centralized view of Investment Bank Deposit, Loans, Product Fees, and Sales

  • GRC-related data from multiple, non-integrated data sources & applications

  • Time-consuming and labor-intensive core data management

  • Poor data quality and inadequate user satisfaction

RESULTS

  • Delivered role-based access to multiple data sources for Fixed Income, Treasury, and Investment Banking in 100 days

  • Provided over 300 key performance, risk and compliance metrics on a consolidated, real-time dashboard

  • Saved up to 80 hours each month with Automated Variance Analysis

  • Expects to increase cross sell and up sell revenue by 75%

SOLUTIONS

  • Business Intelligence (Analytics)

  • Reveleus Basel II


Customer Example: Tier 2 Regional Bank, within US Top 25, 321 branches

Reporting

Executive Dashboard

Top Bottom

Products

RAROC

Scorecard

Profitability

Transactions

Role based dashboards driving insight from robust detail account level data containing statistical information, revenue, expense and derived calculations from a single source



Liquidity Risk Analytics



Compliance Alerts: Fraud, Rogue Trader, Market Abuse, AML




Governance, Risk & Compliance

Platform



Richard Thomas, Information Commissioner, Information Commissioner's Office

"Business and public sector leaders must take their data protection obligations more seriously… privacy must be given more priority in every UK boardroom. Organisations that fail to process personal information in line with the Principles of the Data Protection Act not only risk enforcement action by the ICO, they also risk losing the trust of their customers."

How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each others’ forms? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured in non-confidential waste bags?


Information Risk Continues Unabated: Information Security Becomes Part of Overarching GRC Strategy

50% of 1,000 executives polled said information technology is the most challenging area in achieving Sarbanes-Oxley 404 compliance

Source: KPMG 404 Institute, 2006



Key GRC Foundation Components

  • Data Classification, Categorisation & Security

    • How customers use Oracle Label Security to assign and protect sensitive or high-risk data categories

    • How this can be extended to cater for non-Oracle structured data

  • Identity & Access Management

    • How customers use Oracle Identity Manager, Oracle Access Manager, Oracle Risk Based Authentication and Oracle Role Manager, to attest, manage, control, provision and de-provision access to systems and data

  • Segregation of Duties Controls

    • How customers use Oracle database Vault to protect high risk data from the insider threat

  • Audit Controls

    • How customers use Oracle Audit Vault to 'trust but verify' access and changes to key data items



Integrated Risk & Compliance Framework

  • Capital Management / Basel II / Solvency II / BI: Dashboards, Economic Capital, RAPM

  • Risk Management: Market, Credit, Operational, ALM, Loss

  • HR: Learning Management

  • Internal Controls & SOX: Actions, RCSA, Process Mapping, KRI / KCI, Documentation

  • Monitoring & Compliance: KYC/CDD, AML, Fraud, Trading

  • Financial Control & Reporting: Core Financials, Budgeting & Planning, BI

  • Enterprise Content Management: Records Management, Legal Discovery, Change Management

  • COBIT: Security, Identity & Data Management: Encryption, Audit, Segregation of Duties, Identity Mgmt, Data Vault, Master Data

  • BPEL Workflow Management



C Level Objective

