A complete and innovative solution for Digital Information Risk Management in the Financial Industry
Managing risks in the financial industry is a complex task, and banks are engaged in risk governance at several levels. With the rise of the Digital Information age the task of protecting information assets and keeping systems and ICT infrastructures aligned with the pertaining business processes became a lot more difficult.
Almost all governing bodies and the various entities supervising financial markets, in every country of the world, impose strict Digital Information Risk Management and overall ICT infrastructure security, requiring banks to have in place an integrated and robust Risk Governance Framework. The Risk Governance Framework shall generally be monitored and approved at board level, with unified methodologies for the qualitative and quantitative measurement and analysis of ICT risks, and with adequate management of every risk exceeding the accepted levels.
The Client is one of the top five retail banking groups in Italy by branch number, part of one of the top five European banking groups by capitalization and overall reach.
- Coordination difficulties were experienced in all compliance activities, namely in the company practices and processes related to multiple and disparate regulatory and statutory frameworks;
- Compliance management needed an overall improvement, in terms of process uniformity, and the respect of regulatory standards for all the different business owners of all company departments;
- Need for the adoption of an aggregated model for risk management, providing an integrated view of different risks on multiple layers;
- Integration into the new framework of the monitoring points already implemented, and of the pertaining metrics already in place.
Why Infosync RM?
One of the key success factors making Infosync RM™ ideal for the Client is the methodology embodied in the solution through extensible and customizable libraries, fully reflecting all best practices, international industry standards, and regulatory and statutory frameworks applicable to the Client's context. This groundbreaking approach allowed the Client to achieve all of the following goals:
- Creation of a unified and integrated view of all ICT risk components;
- Sharing of information between business functions responsible for the ICT risk management in an effective, timely and exhaustive way, allowing for mutual collaboration;
- Fair risk value attribution in the decisional processes related to the ICT service infrastructure evolution;
- Support for the processes of ongoing compliance with internal policies and external statutory and regulatory frameworks.
During six months of adoption, with progressive asset evaluation and modeling of risk scenarios, the Client successfully produced the annual compliance reporting, exceeding management's initial expectations regarding adherence to company policies and to the pertaining statutory requirements. The results achieved include:
- Compliance with local BankItalia directives of the regulation 263 Cap VIII, the new supervisory mandates for the banking industry;
- Standardization of the computational model and risk evaluation;
- Across-the-board risk evaluation, with comparison and measurability of results over different time frames;
- Automation of risk weighing, based on frequency and assumed impact of historical and potential incidents;
- Ongoing adjustment of operational models based on field assessments resulting from projects, ICT infrastructure and incident management;
- Complexity reduction with regard to Internal Audit counterparts;
- Adoption of standard measurements and values in risk treatment (COBIT 5, ISO 27001, Privacy Law).