Technology Risk

Technology risk management requirements for strengthening system, network and infrastructure security have been drawing the attention of regulators worldwide. The focus is on requiring a high level of robustness and integrity for all critical IT infrastructure and systems, and on requiring financial institutions to implement IT controls that protect customer information.

The updated Internet Banking and Technology Risk Management Guidelines (IBTRM), recently presented by MAS, will be applied to all financial institutions, unlike the current IBTRM guidelines, which focus primarily on the banking sector. Additionally, MAS has proposed to define and enforce a set of mandatory IT requirements for the financial industry. Establishing a sound and robust risk management framework of policies and control systems in business operations is the responsibility of senior management.

Companies delivering products over electronic communication methods are expected to:

  • Establish a sound and robust technology risk management framework
  • Strengthen system security, reliability, availability and recoverability
  • Deploy strong cryptography and authentication mechanisms to protect customer data and transactions

Our Agile Technology Risk Management Methodology

In the financial services industry, the words “Risk Management” often trigger an immediate association with “Trading Controls” relying on automated applications. To ensure that systems operate as intended, we review the adequacy of risk management practices, internal control systems and processes, and design and implement a practical Risk Framework suitable for your organization.

IT Risk Management is the front line of Business Risk Management, addressing specific objectives:

  • data confidentiality
  • system and data integrity
  • authentication and non-repudiation
  • system availability
  • customer protection

Our Risk Management Framework ensures that all risk management functions take the required steps to:

  • identify, classify and assess relevant risks
  • determine how each type of risk should be treated in terms of the risk mitigation and control measures
  • develop a documented plan containing policies, practices and procedures
  • implement and test the plan
  • establish risk monitoring and plan effectiveness
  • establish a change management process to periodically update the plan, taking into account changes in technology, legal development and business environment

Scope of assessment

  • Security Principles and Practices
  • Recovery and Business Continuity Plans
  • Outsourcing Management
  • Managing outsourcing risks
  • Cloud outsourcing risk
  • Monitoring outsourcing arrangements
  • Customer Education
  • Firm Disclosure Practices

Risk Calculation Solution

By analyzing risk-relevant information provided by management systems, we measure an organization's resilience to threats to the confidentiality, integrity and availability of information.
In our iterative approach, we start calculations from the historical data that has already been collected.

The first step is to holistically review:

  • Risk Management Tools in place
  • Risk Monitoring Tools in place
  • How to leverage existing point solutions
  • How they are integrated
  • How they are managed
  • How they manage risks

The next step is to:

  • Test and monitor risks
  • Measure resilience to perceived vulnerabilities
  • Eliminate subjectivity from security and compliance decisions
  • Deploy only the necessary controls, and only where they are needed

The final step is to:

  • Test and monitor risks
  • Measure resilience to perceived vulnerabilities
  • Eliminate subjectivity from security and compliance decisions
  • Deploy only the necessary controls, and only where they are needed

Regulatory compliance

A well-designed Technology Risk Management Framework is an essential part of achieving a daunting target, regulatory compliance:

  • Designing scalable, regulatory-compliant service architecture
  • Designing service architecture in a fool-proof fashion
  • Responding to audit points
  • Optimizing audit response
  • Being capable of persuading auditors that your service architecture is as good as you say it is

Our approach is based on recursive risk assessment; we use our proprietary data analysis tools and open source solutions to make enterprise risk optimization achievable.