Global financial firms will invest heavily this year in software to integrate risk management systems across their IT infrastructures, according to a study by Ernst & Young.
In a survey of 150 large financial services firms, the accountancy company revealed that the prevention of risks to business emanating from IT is high on the corporate agenda. These include security breaches and breaks in business continuity.
Companies interviewed included retail and investment banks, half of which have assets worth more than £125bn. More than 54% said they would increase spending on IT risk management by 5% to 25% or more during the next 12 to 18 months. The spending will be on technology and developing processes, said Ernst & Young.
Risk management is essential to financial services firms because Basel 2, which came into force in January, enforces it. The international regulation requires that banks ensure they have enough cash reserves to cover the financial cost of problems in the business, including fraud and IT failures. It means banks must know all risks regardless of department or geography.
HSBC's plan to create a single anti-fraud system for all of its different banking products across the globe is an example of the technology that banks will have to implement to comply
IT risk management software, which collects and collates data, supports businesses managing IT risk through features such as notification of security breaches, reminding businesses to refresh security when events occur, and supporting business continuity by identifying potential and actual breakdowns.
"IT risk management was traditionally done in silos through the different IT organisations and [for example] certain people focused on security and others on business continuity," said Bill Barrett, practice leader technology and information practice financial services at Ernst & Young. "There is a need to bring these together."
Barrett said companies will integrate risk management systems to manage risk from one place to reduce exposure to risk.
"The real benefits will be the savings they can realise through more efficient processes. Understanding what the impact of change is on risk helps companies decide what to invest in," said Barrett.
Bob McDowall, analyst at TowerGroup, said companies have to spend money on linking separate systems to ensure overall risk can be seen at one point. This he said involves using communications technology
"It is essentially in the plumbing and making sure that from a technology point of view that different risk systems communicate and aggregate information on dashboards," he said.
But he said that technology integration is only the start and banks need to change models that put a price on risk and must overcome the different attitudes to risk of different departments before spending on technology.
"There is no point investing in linking it until you get the other bits right," he said.