12:17 PM
Connect Directly

How to Better Coordinate Data and Processes Across Risk and Finance

While CRO's have gained increase independence as a result of the regulatory environment, that same environment also requires strong integration between risk and finance.

While a volatile economy and increasingly difficult regulatory landscape for banks has led to greater authority and independence for bank CRO's, the functions of risk and finance still require greater coordination in areas like data-sharing and processes, a new study by Accenture, a consulting firm found. The study, "Rethinking Risk in Financial Institutions," examines how banks and other financial institutions can achieve greater coordination between CRO's and CFO's without threatening the authority that CRO's need to deal with regulatory issues.

In the report Hakan Berg, CRO of Swedbank, remarks that financial institutions that used to be run by the CEO and CFO are now being managed by the CEO, CFO and CRO. And the CRO's seat at the decision-making table is justified by today's ever-changing regulatory environment, which often require greater use of risk models in business decisions, the report argues. But that independence also means risk has to be more coordinated with finance to help make those business decisions "The risk function should be separate in reporting to the board, which is what creates the pressure to integrate around processes, systems and data," Richard Lumb, Accenture's Group CEO of Financial Services, was quoted as saying in the study.

[See Related: Banks Beware: Operational Risk Increasing]

The report said that risk and finance particularly need to integrate their data to avoid conflict between the two and meet compliance with regulations such as the Basel III capital requirements. Swedbank's Berg mentioned that his bank had been working for the past few years on developing a common data warehouse across its risk and finance departments. This sort of integration, the report noted, can help smooth the path to more cooperation between CRO's and CFO's and eliminate unnecessary operational delays.

Banks have also seen benefits in greater collaboration between risk and finance in formulating risk and capital models. The report cited one anonymous CRO of of a global bank as saying that banks who have achieved greater integration in those models are able to have a better view of how each transaction will affect their financial, regulatory reporting, and regulatory capital sides. This in turn can lead to improvement in risk-adjusted returns, the report said, as factoring risk into business decisions can help eliminate high-risk assets from the balance sheet. "A potential benefit of a strong partnership [between the CRO and CFO] is lower volatility in results despite the volatile external environment," Accenture's Lumb explained.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.