Presentation is loading. Please wait.

Presentation is loading. Please wait.

ARMReN Seminar Thursday, 13 September 2007

Published byBrage Langeland Modified over 5 years ago

Similar presentations

Presentation on theme: "ARMReN Seminar Thursday, 13 September 2007"— Presentation transcript:

1 ARMReN Seminar Thursday, 13 September 2007
Balancing Access and Privacy: Using Risk Management to Walk the Tightrope Dr. Victoria Lemieux 13 September, 2007 ARMRen research workshop on Access and Impact Liverpool University, Foresight Centre

2 Free flow of information: A competitive imperative
Global investment banking relies on the free flow of information across borders and institutions Trading Fund transfers Global mergers & acquisitions Asset management Other business activities executed on a global scale

3 Credit Suisse: A Case in Point
Credit Suisse is a leading global bank headquartered in Zurich It is focussed on serving its clients in three business lines: investment banking, private banking and asset management For the second quarter of 2007, net income totalled CHF 3.2 billion and had CHF 1,629 billion worth of assets under management Total staff worldwide is 45,000 Credit Suisse operates in approximately 50 countries globally

4 The Legal and Regulatory Landscape & Climate
Bank for International Settlements (Basel II) Financial Services Authority EBK/ Swiss Banking Secrecy Data Protection Act International Standards Organisation Sarbanes Oxley Federal Financial Institution Examiners Council Gramm Leach Bliley Patriot Act Federal Information Security Management Act California SB1386 Monetary Authority of Singapore Japanese Financial Services Agency

5 Data Privacy Regulation: A Growth Market
Almost every country in which Credit Suisse now operates has some form of data privacy/data protection legislation or regulation Data privacy legislation/regulation is on the rise Growing public concern about data security Recent examples *Facebook *J.P Morgan Chase *Monster *Nationwide *Wikipedia *Bank of America

6 Information Management Compliance – What Could be Easier?
Achieving information management compliance boils down to three simple steps: 1. Identify relevant laws and regulations 2. Identify records to which laws/regulations apply 3. Ensure records are created & handled in accordance with applicable laws/regulations It’s not as easy as it seems!

7 Which Records? IM Web Content Rich Media

8 Which Devices?

9 Which Solutions ECM EDRMS Digital Rights Management Centralised
Device Management Storage Solutions Encryption

10 Challenge/Response How the RM community support financial services firms in meeting the IM compliance challenge: Support a risk-based approach

11 What is risk management?
Risk Management is an ongoing process used to: Identify potential risks associated with business activity Identify the potential impact and severity associated with the risk Identify strategies and activities that can implemented to mitigate or eliminate the risk Assign responsibilities and track progress of risk management activities Why is risk management important? Rise of the ‘Risk Society’ Rise of accountability frameworks (e.g., SOX, COSO) in which risk management figures prominently Rise of RIM-related threats Compliance complexity Risk management as an appraisal tool

12 How Risk Management can help Strike the Right Balance
Identify the risks. Lack of clarity re: application of law to different records Absence of controls for particular devices Technical weaknesses in recordkeeping solutions Categorize the risks. Rank the risks. Accept or look for ways to mitigate the risks Develop risk mitigation action plan Track and monitor plan

13 Identifying risks Risk assessment
Business context + business functions/activities Business Context Business Activities Risk Vulnerabilities Threats

14 Categorizing risk Operating Risks: Those risks associated with business process and technical operations and the challenges of providing service delivery globally – including Loyalty Risk addressing any staff related exposure. Legal Risk addressing any risks around non-compliance with legal/regulatory requirements, or risk of litigation Technology Risks: Those risks associated with the ability to control future technology direction and to use technology to provide a competitive edge. Financial Risks: Those risks that have an adverse effect on the financial condition of the company or the achievement of Credit Suisse’s sourcing objectives. Business Risks: Those risks that have an adverse effect on Credit Suisse’s business operations or competitive position in the marketplace – including Reputation Risk.

15 Ranking risk Probability is the likelihood that a risk will occur
Impact is the consequences of a given risk once it occurs Risk management entails estimating probability and impact The measurement of probability and impact can be qualitative, quantitative, or a combination of the two It is important to assess the inter-dependency of risks as well as assessing each risk independently

16 Risk treatment options
Avoid Accept Transfer Reduce

17 Risk mitigation Action Required to Desensitize 5 1 2 3 6 4 7 8 9 Mitigation Plans reduce the level of risk. Risks are mitigated either by stabilizing or limiting the impact of the underlying assumption or desensitizing the outcome. Similar techniques can be used to identify risk mitigation strategies as can be used to identify risks Risk Action Required to Stabilize Impact Probability

18 Tracking and monitoring
Measure that risk treatment strategies have had the intended results Monitor risks over time to detect increases or decreases in their ranking Monitor that procedures and information gathered during the risk identification, risk measurement and risk treatment phases were accurate and complete Identify where improved knowledge would have helped to reach better decisions Identify lessons to be learned from the risk management process Assess whether risk management processes are adequate and being fully implemented.

Download ppt "ARMReN Seminar Thursday, 13 September 2007"

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Control and Accounting Information Systems

Control and Accounting Information Systems
Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.

Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.
Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.

Note: See the text itself for full citations. Information Technology Project Management, Seventh Edition.
1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.

1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.
“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”

“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”
Risk Management Assessment: The Canadian Banking System Nawal K Roy Vice President Risk Management Specialist Nawal K Roy Vice President Risk Management.

Risk Management Assessment: The Canadian Banking System Nawal K Roy Vice President Risk Management Specialist Nawal K Roy Vice President Risk Management.
INTRODUCTION TO RISK-BASED SUPERVISION Taliya Cikoja – IOPS Secretariat www.iopsweb.org IOPS TOOLKIT RISK-BASED SUPERIVSION.

INTRODUCTION TO RISK-BASED SUPERVISION Taliya Cikoja – IOPS Secretariat IOPS TOOLKIT RISK-BASED SUPERIVSION.
The EU Emissions Trading System (ETS) Rationale and Lessons learnt Artur Runge-Metzger Head of International Climate Negotiations, European Commission.

The EU Emissions Trading System (ETS) Rationale and Lessons learnt Artur Runge-Metzger Head of International Climate Negotiations, European Commission.
Service Design – Section 4.5 Service Continuity Management.

Service Design – Section 4.5 Service Continuity Management.
Security Controls – What Works

Security Controls – What Works
RMBI 5C3290 2011/12 Introduction to Risk Management in Banking & Insurance Unit Leader: Trevor Williamson.

RMBI 5C /12 Introduction to Risk Management in Banking & Insurance Unit Leader: Trevor Williamson.
Risk Management at ANZ Banking Group Jun 18, 2008 Patrick Zhu Head of Retail Risk China Partnerships.

Risk Management at ANZ Banking Group Jun 18, 2008 Patrick Zhu Head of Retail Risk China Partnerships.
Viewpoint Consulting – Committed to your success.

Viewpoint Consulting – Committed to your success.
Project Risk Management

Project Risk Management
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Managing Project Risk.

Managing Project Risk.

Similar presentations

Ads by Google