The Basel II implementation was created to make sure financial institutions had enough cash on reserve to match...
any potential risks they might have -- operational, legal or otherwise. Clearly, risk management is a particularly important part of Basel II requirements, which means security and technical controls play a significant role when it comes to compliance.
In this Basel II tutorial, you'll learn about where Basel II compliance stands now and where Basel II risk management requirements are subject to change. You'll also find Basel II frameworks that can help you on your way:
- How important are Basel II requirements and operational risk?
- Using ISO 27001, BS 2577 security standards to meet Basel II compliance requirements
- Developing a Basel II risk management and reporting strategy
- Developing a governance, risk and compliance management strategy to achieve compliance with Basel II requirements
How important are Basel II requirements and operational risk?
So how important are Basel II requirements now, especially given the condition of today's banks? Considering the state of today's financial institutions, some experts say the need for Basel II may be stronger than ever. Although Basel II requirements deal with a range of threats, including market and credit risk, it's Basel II operational risk that will most interest and affect information security professionals.
In fact, with the clear need for more prescriptive Basel risk management controls, it won't be long before Basel III enters the picture. Basel III will likely include separation of duties and other technical controls to prevent fraud. For now, solid Basel frameworks like ISO 27001 can help with requirements. In the meantime, ISACA produced a list of IT Guiding Principles, which are a mirror image of the Basel II risk management controls, interpreted for the IT world.
Using ISO 27001, BS 2577 security standards to meet Basel II compliance requirements
When Basel capital requirements must align with a bank's actual operational risk, information security professionals need to take an active role in Basel II compliance. Luckily, there are several business continuity security standards that can take on Basel risk management and help you identify any gaps.
Alan Calder reviews a British Standards ICT continuity standard called BS 2577, which isn't well known, but provides security best practices for Basel II compliance that can ensure your IT systems are up and running after a disaster.
Developing a Basel II risk management and reporting strategy
Basel II operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from outside events. What does that mean exactly?
The financial regulation, created by the Basel Committee on Banking Supervision, acknowledges that how operational risk is defined can make or break financial institutions, especially given banks' increased reliance on information systems and complex financial instruments.
Richard E. Mackey explains the kind of Basel II risk management and reporting approach that the standard calls for, including regular audits, strict technical controls and proper risk assessment and data classification.
Developing a governance, risk and compliance management strategy to achieve compliance with Basel II requirements
Governance, risk and compliance (GRC) management is an integrated approach, not one that necessarily separates a bank's Basel II operational risk, for example, from its legal or market risk. As contributor Michael Rasmussen said, GRC is about organizational collaboration.
This kind of "federated" GRC initiative involves a number of professional roles. Building your Basel II compliance roadmap means defining your scope and creating an accurate inventory of systems and processes. Learn the characteristics of a solid governance, risk and compliance strategy, and find out who needs to be involved when you're up against Basel II requirements.