
Slide 1: Governance, Risk & Compliance: An Integrated Framework. People, Processes & Platform
Dr Neil Dodgson, Director Risk and Compliance Solutions EMEA, Financial Services

Slide 2: Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Slide 3: Why Bother?

Slide 4: Governance, Risk, and Compliance (GRC) At-a-Glance
(Diagram: Culture surrounding Governance, Risk and Compliance.)
Governance
- Set and evaluate performance against objectives
- Authorize business strategy & model to achieve objectives
Risk Management
- Identify, assess, and address potential obstacles to achieving objectives
- Identify / address violation of mandated and voluntary boundaries
Compliance
- Encourage / require compliance with established policies and boundaries
- Detect non-compliance and respond accordingly
Culture
- Establish an organizational climate and individual mindset that promotes trust, integrity, and accountability
Source: Open Compliance and Ethics Group

Slide 5: Good GRC is Good Business: Reputational & Strategic Risk. Executives Seek Returns from GRC Investment
(Chart, source: Lord & Benoit, 2006) Share-price performance of companies complying with SOX rules, by group: no control weaknesses; control weakness in 2004, but none in 2005; reported control weakness. Values shown: 28%, 26%, 6%.
(Figure, source: University of Wisconsin, 2006) Price of a control deficiency for a $1 billion company: $10 million in higher cost of equity capital.
(Figure, source: General Counsel Roundtable, 2006) Savings on legal liability avoidance from GRC investment: $1 of spending on compliance against $5 of savings on lower legal liability.
(Chart) Cost of GRC against number of GRC projects: ad hoc approach versus platform approach; the gap between them is the opportunity cost of siloed GRC and the resources left for innovation.

Slide 6: What Are the GRC Management Challenges? Enterprise-Wide Responsibility
(Diagram: four officers, each reporting to the CEO.)
Chief Compliance Officer (CCO)
- Increasing efficiency & consistency of compliance processes
- Reducing fees & regulatory actions by reducing compliance violations
- Planning and oversight of compliance management resources
CFO / VP of Finance
- Identifying and implementing optimal detective & preventive controls
- Reducing the total cost of GRC
- Timely notification of control issues, material weaknesses and violations
- Accurate & comprehensive information on financial results, compliance and audit
Chief Risk Officer (CRO)
- Balancing the range of enterprise risks
- Evaluating business requirements and technical risk capabilities
- Reducing organizational cost of risk exposure and cost of mitigation or acceptance
CIO
- Ensuring auditable, secure information
- Automating GRC information management
- Eliminating multiple internal GRC solutions
- Implementing an IT platform for GRC standardization, simplification & security

Slide 7: Risk & Compliance Officers: What Keeps You Awake at Night? (Images: Prison, DATA)

Slide 8: GRC Requirements and Complexity Increase Across the Map
(Diagram residue, grouped:)
- Systems: Apps Server, Manufacturing, Data Warehouse, Database, Mainframes, Mobile Devices, Enterprise Applications
- Requirements: Records Retention, IT Governance, Financial Reporting Compliance, Workforce Governance, Data Privacy, Audit Management, Credit Risk Mgmt, Market Risk Mgmt, Operational Risk Mgmt, Strategic Alignment, Legal Discovery, Supply Chain Traceability, Service Level Compliance
- Business functions: Service, Finance, Sales & Mktg, Purchasing, Suppliers, Customers, Engineering
- Regulations: SOX, JSOX, FDA, Basel II, EU Directives, HIPAA, GLBA, …
- Jurisdictions: U.S., Germany, Japan, U.K., France, China, Canada, India

Slide 9: Traditional Approach?

Slide 10: Integrated Risk & Compliance Framework
(Diagram residue; component areas and the items shown under them:)
- Areas: Risk Management; Capital Management / Basel II / Solvency II / BI; Learning Management; HR; Internal Controls & SOX; Enterprise Content Management; COBIT: Security, Identity & Data Management; Financial Control & Reporting; BPEL Workflow Management; Monitoring & Compliance
- Risk items: Market, ALM, Operational, Credit, RCSA, Loss, KRI / KCI, Economic Capital, RAPM, Dashboards
- Control and content items: Actions, Process Mapping, Documentation, Records Management, Legal Discovery, Change Management
- Security items: Encryption, Audit, Segregation of Duties, Identity Mgmt
- Data and finance items: Data Warehousing, Master Data, Core Financials, Budgeting & Planning, BI
- Monitoring & Compliance items: AML, KYC/CDD, MiFID, Fraud

Slide 11: Governance, Risk & Compliance: People. Know Your Employee

Slide 12: Foster a Culture of Ethics and Excellence with Workforce Governance
- Ensure employees understand regulations and policies in the most time- and cost-effective manner
- Prove employee acknowledgment of accountability
- Trust a single source of authoritative information for policy and procedure reference
Components: Central Policy & Procedure Portal; Self-Paced Employee Learning

Slide 13: Governance, Risk & Compliance: Processes

Slide 14: A Holistic GRC framework for:
- SOX requires identification of risks and the management of controls through assessments
- RCSA (Operational Risk) requires identification of risks and the management of controls through self assessments
- MiFID and Reg NMS require client suitability and transaction surveillance
- AML requires KYC and transaction surveillance
- Fraud detection requires both transaction monitoring and risk & control self assessment
A common process understanding for Compliance and Operational Risk would be a first step to GRC convergence.

Slide 15: GRC framework: Converging Requirements
Requirements: AML, MiFID, Reg NMS, KYC, COBIT, Info Security, Audit, Internal Controls, Basel OR-AMA
Shared capabilities:
- Analytics & Reporting
- Capital Calculations
- Attestations
- Action Planning
- Case Management
- Behavior Detection
- Controls Testing
- RCSA
- KRI
- Events Management
- Process Maps, Reference Data, Oversight Library
- GRC Infrastructure
- GRC Framework

Slide 16: Recent Incidents and possible lessons learned
- Identifies the need for an independent compliance monitoring system that can detect suspicious or irregular activity among all trades and orders in the organization.
- Identifies the danger of using in-house systems for compliance monitoring.
- Identifies a lack of adequate surveillance and behaviour pattern detection.
- Good risk management DOES NOT equal good COMPLIANCE.
- Identifies an ongoing need for operational risk to be more closely monitored and enforced within financial organizations.
- Near-real-time alert generation of potentially fraudulent behaviours, irregular behaviours, excessively large positions, and other suspicious patterns.
- A holistic view across all areas is required to provide transparency across multiple asset classes and jurisdictions to avoid hidden P&L.
- Integrated GRC systems.

Slide 17: Behaviour Detection Platform Overview ("The Police")
Pipeline: Data Ingestion; Data Model & Behavior Detection; Alert Management; Case Mgmt; Reports & Analytical Tools
Compliance monitoring areas: Trade Transparency; Best Execution; Conflicts of Interest

Slide 18: One Implementation Solves Many Problems: Enterprise Surveillance
Behavior Detection Platform components: Data Ingestion; Behavior Detection Engines; Workflow Manager; Financial Services Data Model (FSDM); Scenario Development Toolkit
Lines of business: Global Retail Banking; Global Capital Markets; Retail Brokerage; Global Institutional Brokerage; Global Wholesale; Global Private Banking; MBS; Global Fixed Income; Global Liquidity; Asset Mgmt; Correspondent Banking
Solution areas: Best Execution; Customer Suitability; Investment Manager Surveillance; Customer Cross Sales; Broker Surveillance; OpRisk Key Indicators; AML; Trading Compliance; Fraud and Identity Theft
Scenarios (300+ integrated behavior detection scenarios), for example: Trading Ahead; ATM Fraud; Parking; Painting the Tape; Insider Trading; Sanctions List; High Risk Geo; Network of Acco; Structuring; Rapid Mvt; Hidden Networks; Possible CTR; Change In Behaviour; Price Improvement; Wash Trades; High Risk Instructions; Jrnls Btwn Unrel.; Abusive Squeezes
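The slide only names the scenarios. The following is an added illustration, written for this page and not taken from Oracle's Behavior Detection Platform, of what two of those scenario rules look like when run over transaction data: "Structuring / Possible CTR" (several cash deposits each kept just under the currency transaction reporting threshold) and "Wash Trades" (a buy and a sell by the same account in the same instrument, same size and price, minutes apart, so no beneficial ownership changes). The transaction records are constructed for the example; the USD 10,000 CTR threshold is the US reporting threshold, while the 7-day deposit window, the 80% "near threshold" band, the 5-minute trade window and the price tolerance are assumptions chosen for the example, not Oracle parameters.

```python
"""Toy behaviour-detection rules for two scenarios named on the slide.

Added example, not vendor code. Records, windows and tolerances below are
constructed assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Txn:
    ts: datetime
    account: str
    kind: str             # "cash_deposit", "buy" or "sell"
    amount: float         # deposit amount, or trade quantity for buy/sell
    instrument: str = ""  # trades only
    price: float = 0.0    # trades only


CTR_THRESHOLD = 10_000.0     # US currency transaction report threshold
DEPOSIT_WINDOW = timedelta(days=7)   # assumption
TRADE_WINDOW = timedelta(minutes=5)  # assumption


def detect_structuring(txns, threshold=CTR_THRESHOLD, window=DEPOSIT_WINDOW,
                       near_fraction=0.8, min_count=3):
    """Flag an account whose cash deposits are each below the reporting
    threshold but inside the near-threshold band, when at least `min_count`
    of them fall inside a sliding `window` and together exceed the threshold.
    Returns a list of (account, first_ts, last_ts, total), one per account."""
    by_account = defaultdict(list)
    for t in txns:
        if t.kind == "cash_deposit" and near_fraction * threshold <= t.amount < threshold:
            by_account[t.account].append(t)
    alerts = []
    for account, deposits in by_account.items():
        deposits.sort(key=lambda t: t.ts)
        start = 0
        for end in range(len(deposits)):
            while deposits[end].ts - deposits[start].ts > window:
                start += 1          # slide the window forward
            run = deposits[start:end + 1]
            total = sum(t.amount for t in run)
            if len(run) >= min_count and total >= threshold:
                alerts.append((account, run[0].ts, run[-1].ts, total))
                break               # one alert per account is enough here
    return alerts


def detect_wash_trades(txns, window=TRADE_WINDOW, price_tol=0.001):
    """Flag a buy and a sell by the same account, same instrument, same
    quantity and (near-)identical price within `window`: a round trip with no
    change of beneficial ownership that only manufactures volume.
    Returns a list of (account, instrument, buy_or_sell_ts, matching_ts)."""
    trades = sorted((t for t in txns if t.kind in ("buy", "sell")), key=lambda t: t.ts)
    alerts = []
    for i, a in enumerate(trades):
        for b in trades[i + 1:]:
            if b.ts - a.ts > window:
                break               # trades are sorted, nothing later can match
            if (a.account == b.account and a.instrument == b.instrument
                    and a.kind != b.kind and a.amount == b.amount
                    and abs(a.price - b.price) <= price_tol * a.price):
                alerts.append((a.account, a.instrument, a.ts, b.ts))
    return alerts


# Constructed sample feed: one structuring pattern, one wash trade, three benign cases.
T0 = datetime(2007, 3, 1, 9, 0)
SAMPLE = [
    Txn(T0, "ACC-1", "cash_deposit", 9500.0),                      # structuring:
    Txn(T0 + timedelta(days=1), "ACC-1", "cash_deposit", 9800.0),  # three deposits
    Txn(T0 + timedelta(days=3), "ACC-1", "cash_deposit", 9700.0),  # under 10k in 4 days
    Txn(T0, "ACC-2", "cash_deposit", 25000.0),                     # benign: above threshold, gets a CTR
    Txn(T0, "ACC-3", "cash_deposit", 9900.0),                      # benign: two near-threshold
    Txn(T0 + timedelta(days=90), "ACC-3", "cash_deposit", 9900.0), # deposits months apart
    Txn(T0 + timedelta(minutes=10), "ACC-4", "buy", 1000, "XYZ", 42.10),   # wash trade:
    Txn(T0 + timedelta(minutes=12), "ACC-4", "sell", 1000, "XYZ", 42.10),  # same size/price, 2 min
    Txn(T0 + timedelta(minutes=10), "ACC-5", "buy", 500, "ABC", 10.00),    # benign round trip:
    Txn(T0 + timedelta(hours=1), "ACC-5", "sell", 500, "ABC", 10.50),      # different price, later
]


def run_scenarios(txns=SAMPLE):
    """Run both rules and return their alerts keyed by scenario name."""
    return {"structuring": detect_structuring(txns),
            "wash_trades": detect_wash_trades(txns)}


if __name__ == "__main__":
    for scenario, hits in run_scenarios().items():
        print(scenario, hits)
```

Run as-is, it raises one structuring alert for ACC-1 (total 29,000 over four days) and one wash-trade alert for ACC-4, and nothing for the three benign patterns. The thresholds are deliberately exposed as parameters because tuning them per line of business is where the real work lies: too tight and ordinary payroll-sized deposits flood the case queue, too loose and a patient structurer stays below every window.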

Slide 19: Enterprise Risk, Compliance & Performance Management: Managing Risk, Performance & Profitability Across the Enterprise
Compliance
- Regulatory Compliance: Basel II, SOX, Anti-Money Laundering, Regulatory Reporting
- Internal Controls Manager
Risk Management
- Risk Assessment / Quantification
- Credit, Market & Operational Risk
- Complete & Transparent Audit Trail
- Asset/Liability Mgmt
Performance
- Planning & Budgeting
- Performance Scorecards
- Operational Cost Analysis
- Risk Adjusted Performance Mgmt
Profitability
- Multi Dimensional Profitability
- Customer Profitability Available to Front Office
- Product and Branch Profitability
- Activity Based Costing
- Transfer Pricing
Infrastructure: Analytics Server; BI Dashboards; Profitability / Risk Engine; Databases; Data Warehouse

Slide 20: Customer case study
CHALLENGES / OPPORTUNITIES
- Lack of a centralized view of Investment Bank deposit, loans, product fees, and sales
- GRC-related data from multiple, non-integrated data sources & applications
- Time-consuming and labor-intensive core data management
- Poor data quality and inadequate user satisfaction
SOLUTIONS
- Business Intelligence (Analytics)
- Reveleus Basel II
CUSTOMER PERSPECTIVE
"We have been extremely impressed with the ability to bring data together from disparate sources and make it easy to access and leverage across the organization." Brian Collins, Technical Sponsor
RESULTS
- Delivered role-based access to multiple data sources for Fixed Income, Treasury, and Investment Banking in 100 days
- Provided over 300 key performance, risk and compliance metrics on a consolidated, real-time dashboard
- Saved up to 80 hours each month with Automated Variance Analysis
- Expects to increase cross-sell and up-sell revenue by 75%
COMPANY OVERVIEW
- Fifth largest bank holding company in the US, based on assets under mgmt
- Third-largest U.S. full-service brokerage firm, based on client assets under mgmt
- $700 million in managed assets
- 110,000 employees

Slide 21: Executive Dashboard
(Screenshot: Products, Top / Bottom, Scorecard, RAROC, Transactions, Reporting, Profitability, Customer)
Example: Tier 2 regional bank, within US Top 25, 321 branches. Role-based dashboards driving insight from robust detail account-level data containing statistical information, revenue, expense and derived calculations from a single source.


Slide 23: Liquidity Risk Analytics

Slide 24: Compliance Alerts: Fraud, Rogue Trader, Market Abuse, AML

Slide 25: Governance, Risk & Compliance: Platform

Slide 26: Data protection
"Business and public sector leaders must take their data protection obligations more seriously… privacy must be given more priority in every UK boardroom. Organisations that fail to process personal information in line with the Principles of the Data Protection Act not only risk enforcement action by the ICO, they also risk losing the trust of their customers." Richard Thomas, Information Commissioner, Information Commissioner's Office
- How can laptops holding details of customer accounts be used away from the office without strong encryption?
- How can millions of store cards fall into the wrong hands?
- How can online recruitment allow applicants to see each other's forms?
- How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured, in non-confidential waste bags?

Slide 27: Information Risk Continues Unabated. Information Security Becomes Part of an Overarching GRC Strategy
50% of 1,000 executives polled said information technology is the most challenging area in achieving Sarbanes-Oxley 404 compliance. Source: KPMG 404 Institute, 2006

Slide 28: Key GRC Foundation Components
Data Classification, Categorisation & Security
- How customers use Oracle Label Security to assign and protect sensitive or high-risk data categories
- How this can be extended to cater for non-Oracle structured data
Identity & Access Management
- How customers use Oracle Identity Manager, Oracle Access Manager, Oracle Risk Based Authentication and Oracle Role Manager to attest, manage, control, provision and de-provision access to systems and data
Segregation of Duties Controls
- How customers use Oracle Database Vault to protect high-risk data from the insider threat
Audit Controls
- How customers use Oracle Audit Vault to "trust but verify" access to, and changes of, key data items

Slide 29: Integrated Risk & Compliance Framework (recap of the slide 10 diagram)
(Diagram residue; component areas and the items shown under them:)
- Areas: Risk Management; Capital Management / Basel II / Solvency II / BI; Learning Management; HR; Internal Controls & SOX; Enterprise Content Management; COBIT: Security, Identity & Data Management; Financial Control & Reporting; BPEL Workflow Management; Monitoring & Compliance
- Risk items: Market, ALM, Operational, Credit, RCSA, Loss, KRI / KCI, Economic Capital, RAPM, Dashboards
- Control and content items: Actions, Process Mapping, Documentation, Records Management, Legal Discovery, Change Management
- Security items: Encryption, Audit, Segregation of Duties, Identity Mgmt, Data Vault
- Data and finance items: Master Data, Core Financials, Budgeting & Planning, BI
- Monitoring & Compliance items: AML, KYC/CDD, Trading, Fraud

Slide 30: C-Level Objective

