1. Compliance as a Business Opportunity �Operational Risk Reduction and Management���Beat Umbricht�Head Financial Services Marketing EMEA
2. Compliance as a Business Opportunity �- Operational Risk Reduction and Management Cisco in the Financial Services Market
Regulatory Drivers and Market Echo
Risk Reduction and Management
Compliance as a Business Opportunity
Network Relevance and Cisco‘s Response
Customer Examples
Dialog
3. Cisco in Financial Services
5. Global Regulatory Environment Homeland Security: Patriot, Patriot II
Privacy Regulation
Bank Secrecy Act
Gramm-Leach-Bliley Act (GLBA)
Fair Credit Reporting Act (FCRA)
Securities & Exchange Commission (SEC)
Sarbanes-Oxley Act (SOX)
Electronic Message Storage
Business Continuity Planning
Check Clearing for the 21st Century Act (Check 21)
Basel II and CAD3 (EU) Capital Accords
Health Information Portability and Accountability Act (HIPAA).
7. Basel II: Global Spending Forecast
8. Lafferty‘s View�Basel II: What Does it Mean for IT?
10. Basel II Framework�Minimal Capital Requirements
11. What is Operational Risk? �Event-type categories (as defined by Basel II)� Internal fraud
e.g. intentional misreporting, employee theft
External fraud
e.g. robbery, forgery, damage from computer hacking
Employment practices and workplace safety
e.g. violation of health and safety rules, discrimination claims
Clients, products & business practices
e.g. misuse of confidential customer information, money laundering
Damage to physical assets
e.g. terrorism, vandalism, earthquakes
Business disruption and system failures
e.g. hardware/software failures, telecommunication problems
Execution, delivery & process management
e.g. data entry errors, incomplete legal documentation
12. What Is Operational Risk?
13. Basel II Definition of Operational Risk This is the Basel II definition of Operational Risk
E&Y+D&T research on Basel II impact on ORM:
Risk Management has historically been focused on financial risk management (eg, Credit or Market risk)
There is now a shift in regulatory approach and market expectations to incorporate a more integrated risk management system
This is the Basel II definition of Operational Risk
E&Y+D&T research on Basel II impact on ORM:
Risk Management has historically been focused on financial risk management (eg, Credit or Market risk)
There is now a shift in regulatory approach and market expectations to incorporate a more integrated risk management system
14. BIS BIS-Papers on Operational Risk Papers on Operational Risk BIS BIS-Papers on Operational Risk Papers on Operational Risk
Working Paper on the Regulatory Treatment of Operational Risk (September 2001)
Potential Modifications to the Committee’s Proposals �(November 2001)
Quantitative Impact Study (QIS 2) for Operational Risk �(January 2002)
QIS 3 Operational Risk Data Collection Exercise – 2002 �(June to August 2002)
Basel Committee reaches agreement on New Capital accord issues �(10. July 2002)
Sound Practices for the Management and Supervisionof Operational Risk (February 2003)
CP3 (29 April 2003)
Risk Management Principles for Electronic Banking�(July 2003)
More at: www.bis.org
15. It is an Opportunity for Banks to Comply Fast and Gain Competitive Advantage
16. Internal or Advanced Measurement Approaches Call for Action Now
18. Basel II Learnings �Overview Basel II is a directive not law
In country law needs finalisation
EU regulation (CAD3) will expand coverage
Ratings can be chosen, overall capital requirements should not change, but become more risk adjusted
Credit Risk
IRB opens up an opportunity for banks to gain advantage
IRB requires
Data History on each customer
Data Access and Process
Operational Risk Management
Sound Practices for the Management and Supervision of Operational Risk
Risk Management Practices for electronic banking
19. Basel II Learnings on IT Related ORM Specific categories specified, a few open up opportunities for IT and network related measures
Besides IRB on the CR side, only AMA approach allows to gain advantage, expected best case 2/3 of Standard Approach �-> customer business case for IT investment
Capital Requirements optimization will not be the major driver for ORM Implementation
Market Disciplin (Pillar 2) and the Supervisory Process (Pillar 2) will require banks to publicly communicate their business conduct
20. Compliance as a Business Opportunity�Important messages Based on common sense and existing knowledge
Broader Framework important – not just Basel II -> Operational Risk Reduction and Management is a Business Opportunity
ORM was, is and will be a key issue for any institution, �Basel II & CAD3 only increases importance, provides rewards for good ORM practices and thus can create a business case
If Basel II/CP3 in the proposed form and timeframe will not come through, ORRM Initiative is still a key topic for the Financial Services industry
Important for other industries
22. Risk Management in Financial Services
23. Operational Risk Management and Basel II Network Relevance
24. Service Packages for Financial Segment Based on customer needs in their layered business framework (blue) CISCO‘s service packages help customers to address specific important IT ralated segment (yellow)
Expanding: 2 Service packages are available addressing customer needs. Deliverables describe content.
Both packages address business needs coming from ORM and regulatory requirements like Basel II (but also from others!)
Gaps and actions will be identified specifically to address Financial Services customer business needs. Best practices to address i.e. Basel II requirements will be used as benchmarks
Cisco services address customer needs of customers in financial segment:
Improved ORM
Loss Prevention
Compliance
Efficiency increase
Based on customer needs in their layered business framework (blue) CISCO‘s service packages help customers to address specific important IT ralated segment (yellow)
Expanding: 2 Service packages are available addressing customer needs. Deliverables describe content.
Both packages address business needs coming from ORM and regulatory requirements like Basel II (but also from others!)
Gaps and actions will be identified specifically to address Financial Services customer business needs. Best practices to address i.e. Basel II requirements will be used as benchmarks
Cisco services address customer needs of customers in financial segment:
Improved ORM
Loss Prevention
Compliance
Efficiency increase
25. Service Packages for Financial Segment
26. Service Packages for Financial Segment ITIL is a best practice in IT management
Customer needs are associated with ITIL Cataegories and need to be addressed by Business Process Enegeneering, Best Practice Benchmarking, and the appropriate Architecture (incl. Network)
Cisco Service package deliverables are directly linked to this providing support.
Yellow: the 2 specific Assesment Service Packages for Financial Services customers
Blue: Cisco‘s Technical Support and Engineering services – commonly available for allITIL is a best practice in IT management
Customer needs are associated with ITIL Cataegories and need to be addressed by Business Process Enegeneering, Best Practice Benchmarking, and the appropriate Architecture (incl. Network)
Cisco Service package deliverables are directly linked to this providing support.
Yellow: the 2 specific Assesment Service Packages for Financial Services customers
Blue: Cisco‘s Technical Support and Engineering services – commonly available for all
27. Customer Value End-to-end approach
Benchmark against leading practice and peers
Independent view across organisation
Identify projects that will have maximum impact on key performance indicators
Standard methodology and templates
Fill skill gaps
28. Cisco‘s Approach and Value �Proposition Summary
share best practices at top accounts that use IRB/AMA approaches
ORA Service (Operational Risk Assessment) helps identify Gaps against ORM best practice and Basel II compliance (SPOR)
new technologies around Data Center Solutions (Core, Content, Storage and Optical) open up opportunities for Banks to consolidate DataCenters, save costs and contribute to better compliance (see Euronext.Liffe case)
Security is a key competence of Cisco, is an important element in ORM and can and should be looked at anytime by any customer
NSAR Service (Network Security Architecture Review) identifiies gaps against best practice and Basel II requirements
DCN, Safe and our converged network architectures are proven solutions that can be implemented today
30. Euronext.liffe “This project is a state of the art business case, provides us with a competitive advantage and in parallel a great way to reduce and manage risks and thus become compliant with new regulatory requirements.”��Allan Mycroft, Director 1/3 grid is used plus, a strike line where titles and bullets should be aligned to
?? Proposing 51,51 bullets for white slides only – Match the title line above and stand out more. What about black? Can we have a 1/3 grid is used plus, a strike line where titles and bullets should be aligned to
?? Proposing 51,51 bullets for white slides only – Match the title line above and stand out more. What about black? Can we have a
31. Cisco and Hitachi Data Systems�Wide-Area SAN Extension: Euronext.liffe
32. Euronext.liffe Add DiagramAdd Diagram
33. 1/3 grid is used plus, a strike line where titles and bullets should be aligned to
?? Proposing 51,51 bullets for white slides only – Match the title line above and stand out more. What about black? Can we have a 1/3 grid is used plus, a strike line where titles and bullets should be aligned to
?? Proposing 51,51 bullets for white slides only – Match the title line above and stand out more. What about black? Can we have a
