In the banking and investment industries, improper access and management of IT and data can be a source of major operational risks, which directly translate into financial losses. CloudAccess identity and access management solutions allow fine-grained oversight and control of user management processes to mitigate these risks in cloud environments.
Beyond regulatory compliance requirements such as the Sarbanes-Oxley Act and PCI, the new Basel Capital Accord introduced the notion of operational risk into the evaluation of the minimum capital solvency requirements for banks. Among the risk evaluation methods proposed by the accord, the advanced measurement approaches (AMA) authorize the financial establishment itself to evaluate the operational risks linked to its activity.
To do this, the bank has to set up an operational risk management system and an entity responsible for installing and managing it. The operational risk internal management system relies specifically on the following data:
Correlation of this data produces regular reports, which contribute to evaluating minimum capital solvency requirements.
More than a regulatory requirement, the new accord must be seen as an opportunity to significantly improve identity and access management. Such an overhaul can generate considerable return on investment by improving the productivity of users and IT personnel. It can also allow you to easily deploy procedures that are critical in a banking environment, such as “de-provisioning” and role-based management.
The CloudAccess identity and access management solution can offer significant advantages:
The table below gives a non-exhaustive summary of the roles that the CloudAccess identity and access management solution can play in operational risk management. These modules can be deployed progressively.
|Risk Types (according to Basel II Accord)||Primary sub-category for IAM||Identity Management||Secure SSO||Provisioning|
|Internal fraud||Theft and fraud||x||x|
|External fraud||Theft and fraud||x||x|
|Clients, products and business practices||Conformity, information distribution and fiduciary duty||x||x|
|Execution, delivery and process management||Input, execution and monitoring of transactions||x||x|
|Customer account management||x||x|