Tip

Basel II risk management and implementation tutorial

Since Basel II requirements were put into effect in 2003, banks and financial institutions have been hit hard by a global economic crisis. The financial world has obviously changed, but what does that mean for Basel II and risk management practices?

The Basel II implementation was created to make sure financial institutions had enough cash on reserve to match any potential risks they might have -- operational, legal or otherwise. Clearly, risk management is a particularly important part of Basel II requirements, which means security and technical controls play a significant role when it comes to compliance.

In this Basel II tutorial, you'll learn about where Basel II compliance stands now and where Basel II risk management requirements are subject to change. You'll also find Basel II frameworks that can help you on your way:

Requires Free Membership to View

How important are Basel II requirements and operational risk?
So how important are Basel II requirements now, especially given the condition of today's banks? Considering the state of today's financial institutions, some experts say the need for Basel II may be stronger than ever. Although Basel II requirements deal with a range of threats, including market and credit risk, it's Basel II operational risk that will most interest and affect information security professionals.

In fact, with the clear need for more prescriptive Basel risk management controls, it won't be long before Basel III enters the picture. Basel III will likely include separation of duties and other technical controls to prevent fraud. For now, solid Basel frameworks like ISO 27001 can help with requirements. In the meantime, ISACA produced a list of IT Guiding Principles, which are a mirror image of the Basel II risk management controls, interpreted for the IT world.

Using ISO 27001, BS 2577 security standards to meet Basel II compliance requirements
When Basel capital requirements must align with a bank's actual operational risk, information security professionals need to take an active role in Basel II compliance. Luckily, there are several business continuity security standards that can take on Basel risk management and help you identify any gaps.

Alan Calder reviews a British Standards ICT continuity standard called BS 2577, which isn't well known, but provides security best practices for Basel II compliance that can ensure your IT systems are up and running after a disaster.

Developing a Basel II risk management and reporting strategy
Basel II operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from outside events. What does that mean exactly?

The financial regulation, created by the Basel Committee on Banking Supervision, acknowledges that how operational risk is defined can make or break financial institutions, especially given banks' increased reliance on information systems and complex financial instruments.

Richard E. Mackey explains the kind of Basel II risk management and reporting approach that the standard calls for, including regular audits, strict technical controls and proper risk assessment and data classification.

Developing a governance, risk and compliance management strategy to achieve compliance with Basel II requirements
Governance, risk and compliance (GRC) management is an integrated approach, not one that necessarily separates a bank's Basel II operational risk, for example, from its legal or market risk. As contributor Michael Rasmussen said, GRC is about organizational collaboration.

This kind of "federated" GRC initiative involves a number of professional roles. Building your Basel II compliance roadmap means defining your scope and creating an accurate inventory of systems and processes. Learn the characteristics of a solid governance, risk and compliance strategy, and find out who needs to be involved when you're up against Basel II requirements.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in April 2009

 

COMMENTS powered by Disqus  //  Commenting policy

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.