Global financial firms will invest heavily this year in
software to integrate risk management systems across their IT
infrastructures, according to a study by Ernst &
Young.
In a survey of 150 large financial services firms, the
accountancy company revealed that the prevention of
risks to business emanating from IT is high on the corporate
agenda. These include security breaches and breaks in
business continuity.
Companies interviewed included retail and investment banks, half
of which have assets worth more than £125bn. More than 54% said
they would increase spending on IT risk management by 5% to 25% or
more during the next 12 to 18 months. The spending will be on
technology and developing processes, said Ernst & Young.
Risk management is essential to financial services firms because
Basel 2, which
came into force in January, enforces it. The international
regulation requires that banks ensure they have enough cash
reserves to cover the financial cost of problems in the business,
including fraud and IT failures. It means banks must know all risks
regardless of department or geography.
HSBC's plan to create a single anti-fraud system for all of its
different banking products across the globe is an example of the
technology that banks will have to implement to comply
IT risk management software, which collects and collates data,
supports businesses managing IT risk through features such as
notification of security breaches, reminding businesses to refresh
security when events occur, and supporting business continuity by
identifying potential and actual breakdowns.
"IT risk management was traditionally done in silos through the
different IT organisations and [for example] certain people focused
on security and others on business continuity," said Bill Barrett,
practice leader technology and information practice financial
services at Ernst & Young. "There is a need to bring these
together."
Barrett said companies will integrate risk management systems to
manage risk from one place to reduce exposure to risk.
"The real benefits will be the savings they can realise through
more efficient processes. Understanding what the impact of change
is on risk helps companies decide what to invest in," said
Barrett.
Bob McDowall, analyst at TowerGroup, said companies have to
spend money on linking separate systems to ensure overall risk can
be seen at one point. This he said involves using communications
technology
"It is essentially in the plumbing and making sure that from a
technology point of view that different risk systems communicate
and aggregate information on dashboards," he said.
But he said that technology integration is only the start and
banks need to change models that put a price on risk and must
overcome the different attitudes to risk of different departments
before spending on technology.
"There is no point investing in linking it until you get the
other bits right," he said.