Archive for the 'Risk' Category

Global Financial Services Supervision Systems

Ever wondered what different approaches exist to regulate and supervise financial services? Considering the environment these days and the anticipated regulatory tightening, there is an excellent piece of thought leadership in this space. The Group of Thirty (G30) has released its new report, “The structure of financial supervision – Approaches and challenges in a global marketplace”. The report reviews 17 regulatory systems. The jurisdictions reviewed are Australia, Brazil, Canada, China, France, Germany, Hong Kong, Italy, Japan, Mexico, the Netherlands, Qatar, Singapore, Spain, Switzerland, the United Kingdom, and the United States.

It assesses the four approaches to financial supervision currently employed across the globe (Institutional, Functional, Integrated, and Twin Peaks), describes the key design issues of each supervisory model, illustrates how each has been implemented in practice, and assesses the strengths and weaknesses of each approach.

I cannot share the full version due to copyright issues, but the executive summary can be downloaded here.

Ernst & Young 2008 Global Information Security Survey

The latest release of the “Ernst & Young Global Information Security Survey” shows that a growing number of organisations recognise the link between information security and a strong brand / reputation. It covered nearly 1400 senior executives in over 50 countries, and it strongly indicates that a security incident would have a greater impact on reputation and brand than on revenues. Considering the previous results and my experience, it seems that the major drivers of information security spend are shifting from compliance to brand protection.

More importantly, it suggests that spending on information security is set to increase. However, I think there will be major cutbacks in a number of existing areas, and the same money will be re-channelled with more robust monitoring of the bottom line.

The survey can be found here.

Successful Strategy Execution – Harvard Business Review

An excellent article in Harvard Business Review on the secrets behind successful strategy execution. It is illustrated through a case study in which restructuring yielded immediate results but the problems (or their symptoms) crept back in, until they decided to identify and address the root cause.

The focus should not be on restructuring but on identifying what goes wrong and where, followed by appropriate change implementation and management as required.

See this link for the Executive Summary (I strongly recommend subscribing to HBR for the full article).

KPMG Releases Internal Audit of the Future

KPMG has released a whitepaper that draws on the insights and perspectives shared at a forum which brought together nine internal audit directors from leading financial institutions, including Barclays, BMO Financial, Goldman Sachs, Credit Suisse, Bank of Nova Scotia, Morgan Stanley, Lloyds TSB and RBS, and provided the opportunity for the group to identify key business drivers for change in today’s global financial services marketplace.

Key discussion points were around:
– Integrated Assurance Model
– Continuous Auditing and Technology
– Internal Audit’s Role
– Balancing Stakeholder Expectations
– Risk-Based Approach
– The Right People

The whitepaper, available here, also highlights key action steps for Internal Audit to take to help meet expectations in 2010 and beyond.

2008 Data Breach Investigations Report

Some really exciting statistics reported by the Verizon Business RISK team.

It is worth noting that although, percentage-wise, insider data breaches are 18% compared to the external 73%, the report later mentions that the impact of an insider breach is relatively much higher than that of an external breach. A summary is below:

Who is behind data breaches?
73% resulted from external sources
18% were caused by insiders
39% implicated business partners
30% involved multiple parties

How do breaches occur?
62% were attributed to a significant error
59% resulted from hacking and intrusions
31% incorporated malicious code
22% exploited a vulnerability
15% were due to physical threats

What commonalities exist?
66% involved data the victim did not know was on the system
75% of breaches were not discovered by the victim
83% of attacks were not highly difficult
85% of breaches were the result of opportunistic attacks
87% were considered avoidable through reasonable controls

You can find the report here

Goldman Sachs releases – Vietnam: The Next Asian Tiger in the Making

Goldman Sachs released this paper on Vietnam’s economic growth story and potential. The growth is primarily driven by productivity increases, along with capital accumulation and labor input increases.

Risks relating to Vietnam’s economic growth are also covered in detail. This paper can be downloaded here.

$7.5 billion trading scandal – is this the end of it?

Apparently not. The FSA is urging banks to improve their controls: simple advice, but barely followed. SocGen is a prime example. Although other entity-level and manual controls failed as well, it was the technology that made it possible in the first place (based on SocGen’s official statement released sometime earlier).

See here for more on this.