Call Toll Free 877-550-CLOUD (877-550-2568)
Cloud Computing & Security For Banking & Investment
In the banking and investment industries, improper access and management of IT and data can be a source of major operational risks, which directly translate into financial losses. CloudAccess identity and access management solutions allow fine-grained oversight and control of user management processes to mitigate these risks in cloud environments.
New Regulatory Compliance Requirements -
In addition to meeting regulatory compliance such as the Sarbanes-Oxley Act and PCI, the new Basel Capital Accord introduced the notion of operational risk into the evaluation of the minimum capital solvency requirements for banks. Among the risk evaluation methods proposed by the accord, the advanced measurement approaches (AMA), authorize the financial establishment itself to evaluate the operational risks linked to its activity.
To do this, the bank has to set up an operational risk management system and an entity responsible for installing and managing it. The operational risk internal management system relies specifically on the following data:
- Data on the losses actually experienced
Data on the operational incidents liable to generate costs (loss data)
Correlation of this data produces regular reports, which contribute to evaluating minimum capital solvency requirements.
Better Management, Better ROI - More than a regulatory requirement, the new accord must be seen as an opportunity to significantly improve identity and access management. Such an overhaul can generate considerable return on investment by improving the productivity of users and IT personnel. It can also allow you to easily deploy procedures that are critical in a banking environment, such as "de-provisioning" and role-based management.
How CloudAccess Identity and Access Management solution can help:
CloudAccess identity and access management solution can offer significant advantages:
- Immediate reduction in operational risks, by reducing the possibility of data access loopholes
- Information accessible and auditable on (a) authorized or illicit accesses and (b) allocation of access rights. This information makes it easier for the entity concerned to measure the operational risks and can be directly used by the reporting tools already in place
- Possibility of immediate reaction when a source of operational risk is detected. A centralized console for managing all access rights. After diagnosing a risk indicator, the detected loophole (typically an over-generous access rights policy or a rights allocation error) can thus be closed immediately
Simplification of technical concepts. In an identity and access management solution, the technical IT aspects are masked to enable the users to concentrate on the allocation of access rights.
The table below summarizes, in a non-limitative way, the possible roles that CloudAccess identity and access management solution can play in operational risk management. These modules can be deployed in a progressive way.
(according to Basel II Accord)
|Internal fraud||Theft and fraud||X||X|
|External fraud||Theft and fraud||X||X|
|Clients, products and business practices||Conformity, information distribution and fiduciary duty||X||X|
|Execution, delivery and process management||Input, execution and monitoring of transactions||X||X|
|Customer account management||X||X|