IBM SALES AND DISTRIBUTION Solution Brief
Assess, monitor and control exposure to risks. Enable better IT governance and resilience.
Operational & IT Risk solutions for financial services Highlights ●
Assess your over all risk readiness posture for business process and IT infrastructure vulnerabilities
●
Design effective Information security and service management processes and procedures
●
Implement a resilient business and IT architecture for consistent availability and recoverability
●
Facilitate effective enterprise-wide IT governance controls, with role-based system access
●
Apply active operation risk correlation and policy-based rules, engines and performance analytics
Over the past decade, changes caused by globalization, increases in operational speed, regulatory requirements, and financial instrument complexity have created a challenging environment for financial institutions. Ultimately, managing risk and return becomes an efficiency management task. Operational risk is a new frontier compared to credit, market and IT risk. Information Technology support of business process and operations must provide a reliable, secure and well controlled environment for businesses to grow and compete. IT systems, for example, should ensure that confidential corporate and personal data is protected from internal and external threats; the business is protected from cyber crime and fraud, changes or updates to the systems are well managed and approved before deployment; access rights are monitored and approved; all of this is should be done following regulatory and IT governance best practices to meet ever-evolving regulatory obligations. The results? An industry increasingly dependent on IT for risk management, business performance and the ability to provide differentiation that grows its bottom-line profits. The capacity to detect and to monitor operational and IT risks—and to deal with impacts on operational stability, availability, accessibility, and recoverability—is an important differentiator. A financial institution must have a holistic management approach to rapidly respond to business and operational risks, a constantly updated appreciation of the evolving range of threats to business operations and IT infrastructure assets is critical.
Assess, monitor and control exposure to risks. Enable better IT governance and resilience.
IBM SALES AND DISTRIBUTION Solution Brief
Todays business and IT managers understand the potential risk resulting from failure in their internal processes, individuals, or IT systems. From early warning financial impact analysis for pandemics, IT and crises management, service management and continuity, availability and recovery services, IBM offers a complete life cycle of services to improve IT governance and operational stability. Our Operational & IT risk solutions can provide:
Example operational risk offerings include: ●
● ●
●
●
●
●
●
●
Operational risk monitoring and control to quantify operational risks from the bottom up, improve understanding through causal analysis, and best manage through effective key risk indicators. Integrated information security risk monitoring to maximize information availability and integrity, while helping to ensure its privacy and proper use. Enterprise Information Security detection, prevention monitoring, vulnerability management and intrusion detection. Identity access management solutions to provide information on who has access to what. Complete service management offerings to monitor systems performance and resources capacity at all times. Business resilience management to maximize continuity, stability and recoverability of operations. Managed service offerings that use cloud computing to further mitigate risks and improve responsiveness.
With more than 40 years of experience in the financial services industry, IBM can deliver large-scale global projects that are sensitive in nature and function across multiple organizations. Our Operational &IT risk solutions include a range of capabilities throughout the business risk management cycle, including assessment and planning, design, implementation, business continuity and disaster recovery, and ongoing management and reporting.
●
A broad set of intellectual capital, including risk and control self-assessment (RCSA) templates and operational risk requirements, process maps, control libraries, test libraries, governance models, roles and responsibilities, future state roadmaps and more to accelerate project delivery. A broad understanding of financial regulations and market drivers developed through years of engagements with financial services customers. IBM Research assets deployed in banking and financial markets organizations that focus on advanced statistical and modeling capabilities including: – Cyber-intelligence as a forward indicator of risk sentiments in support of corporate brand and reputation analysis (CORBA). – Pandemic Impact Business Modeling (PBIM), an intelligent model that integrates company financials and helps prioritize risk events, defining appropriate risk mitigation strategies specific to pandemic scenarios. – The Operational Risk Quantification (ORQ) analytical tool to quantify and mitigate operational risk by addressing key challenges driven by regulations such as Basel-II. – IBM Risk Center of Excellence and Global Delivery Center offers capabilities to assess IT risk management leveraging the COSO/COBiT Framework, analyze IT regulatory impacts, model IT risk, and perform risk training, IT deployment support, as well as third party assessments.
Assess, monitor and control exposure to risks. Enable better IT governance and resilience.
IBM SALES AND DISTRIBUTION Solution Brief
By combining market-leading technology and a comprehensive services portfolio, IBM enables IT risk solutions that are customized to your risk tolerance while meeting regulatory requirements. These include:
As your business and IT operations execute, they can rely on a number of IBM offerings and capabilities which operate in the background. These include: ●
●
●
●
●
People and identity management—lower costs and mitigate the risks associated with managing user access to corporate resources. Our managed identity capabilities provide a secure identity management solution, through either a hosted or client premise model, that supports compliance while enabling collaboration across a diverse user base. Data and information protection—understand, deploy and properly test controls around access to and usage of sensitive financial business data. Our data encryption and leakage protection capabilities help you define, manage and enforce end-to-end data protection polices and procedures for structured and unstructured data. IBM can help you automate the prevention and discovery of data leakage events and help you protect existing (email and laptop) and emerging (removable storage, smart phone) and as-yet unidentified threats. Web application and process management—proactively identify application vulnerabilities, assess compliance requirements and improve the accuracy and reliability of online systems. Network, server and endpoint security—optimize business service availability by mitigating risks while optimizing security expertise, technology and process.
●
●
●
●
Operational Risk Reporting Information Foundation – which provides information for regulatory compliance and IT audits based on five critical operational areas: access, segregation of duty, change management, IT operations and application development Enterprise Security Risk Monitoring – which can analyze and correlate event information from multiple data sources and applications while monitoring transactions, events and information that flow through a targeted business process all the while looking for occurrences of unexpected results and continuously updating an automated virtual auditor IT and infrastructure risk and resilience capabilities – which systematically diagnoses root causes of IT and infrastructure risks such as availability, recovery, security, service and change management and then prescribes actions to reduce risk and improve operations IT security infrastructure capabilities – which deal with IT risk across your extended enterprise, protects information assets and prevents problems before they occur, enabling you to pursue new business initiatives securely while ensuring you have the processes and technologies in place to safeguard your systems, applications and information Business continuity infrastructure capabilities – which help minimize downtime and streamline recovery processes with proven strategies for business continuity and plans for high availability and recovery
IBM SALES AND DISTRIBUTION Solution Brief
IBM is here to help you enable projects to deal with various types of operational and IT risk, as well as other approaches to integrating risk management across the enterprise. The IBM Banking Industry Framework has been established to combine the power of IBM software with banking-specific software extensions, solution accelerators and best practices, to help you deploy a variety of solutions. Specifically, the framework can help you deploy operational & IT risk solutions faster and at lower cost with less risk. The IBM framework can help you migrate to a more strategic and flexible technology architecture that is aligned with the needs of your business, one project at a time. Take advantage of a structured approach that combines best-in-class industry assets, repeatable software patterns and IBM Business Partner offerings to take a holistic approach to monitoring and managing financial risk, financial crimes detection and prevention, operational and IT risk, and governance and compliance.
For more information To learn more about Operational & IT risk solutions for financial services, please contact your IBM representative or IBM Business Partner, or visit: ibm.com/banking or ibm.com/financialmarkets
Assess, monitor and control exposure to risks. Enable better IT governance and resilience.
© Copyright IBM Corporation 2009 IBM Corporation Route 100 Somers, NY 10589 Produced in the United States of America October 2009 All Rights Reserved IBM, the IBM logo and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at ibm.com/legal/ copytrade.shtml Other product, company or service names may be trademarks or service marks of others.
Please Recycle
IIS03004-USEN-00