General discussion

  • Creator
    Topic
  • #2329368

    Should banks focus on risk management?

    Locked

    by debate ·

    Do you agree that companies should focus their IT spending on risk management? How does your organization focus its IT spending? Tell us what you think about focusing IT spending on risk management, as featured in this week’s IT Financial Services e-newsletter.

All Comments

  • Author
    Replies
    • #3487221

      Risk management spending

      by ltolevaz ·

      In reply to Should banks focus on risk management?

      Risk management spending on times of turbulence is a must;it should be done to obtain critical information on the economics of markets trends of each sector where the banks have or plan to loan money, this on top of client knowledge and its managerial capabilities. However, all these risk management activities need to be grounded on a sound IT infrastructure.

    • #3487218

      Risk management spending

      by ltolevaz ·

      In reply to Should banks focus on risk management?

      Risk management spending on times of turbulence is a must;it should be done to obtain critical information on the economics of markets trends of each sector where the banks have or plan to loan money, this on top of client knowledge and its managerial capabilities. However, all these risk management activities need to be grounded on a sound IT infrastructure.

    • #3487214

      I am the NetAdmin for a Bank

      by radiic ·

      In reply to Should banks focus on risk management?

      With the new Graham/Bliley Act, it seems that the occ is focusing on all types of Risk Management, and forcing banks to do it anyways. We even have to have a vendor Management policy and procedure in place. We have so many policies for assesing risks that I am Policied out. Why cant i just work on my firewall or my router and have some fun>?

      Rad

      • #3486059

        Regulations

        by pjohnson ·

        In reply to I am the NetAdmin for a Bank

        As we have seen, banks, credit card companies, online vendors, etc. are having a terrible time maintaing effective security controls over the “non-public sensitive information” provided by customers. An informational security program incorporates Risk Management, Disaster Recovery Plans, Business Continuity plans, Policies and Procedures (IT), Penetration testing, Internal Vulnerability analysis, Vendor due diligence, etc. This is an ongoing effort to secure customer data from hackers and malicious intent.
        Personally, the regulators are as frustrated about it as you. Most Don’t know what an effective security program contains, much less how to analyze one for effectiveness. Therefor, naturally youd be frustrated putting all kinds ofwork into something that the auditors have limited skills in comprehending. My heart goes out to you, but these are necessary growing pains.

        • #3505205

          I agree with you, I was just venting

          by radiic ·

          In reply to Regulations

          I know people are really worried about Identiy theft and things of that nature. We are in the process of making sure all our policies and practices comply and surpass in all the areas you mentioned. But just remember all those polices in place. They are only worth the paper they are written on if the staff follows them.

        • #3372034

          Enforcement

          by pjohnson ·

          In reply to I agree with you, I was just venting

          That’s why there must be a security/compliance officer ready to jump in and dole out lashings to those that do not see themselves and thei actions as vital in the realm of total security. Regular training and retraining, testing (social engineering, etc.) can help with this. Also, a monthly public execution or beating should keep their minds on it ;).

    • #3505093

      It’s all about the money.

      by c.barnhorst ·

      In reply to Should banks focus on risk management?

      The Bank cannot make money if it gets bad press from some hacker break in and the theft of, say, 20,000 credit card files. It doesn’t matter what really happened if that is how the press reports it. People put money in a bank to feel secure first and perhaps make a little interest second. Of course a bank should focus on risk management. People actually brag on how securely placed their money is.

Viewing 3 reply threads