News & Commentary

09:20 AM
Kathy Burger
Commentary

Risk Management Must Be Priority For All Banks, Not Just The Biggest

Despite the financial and operational challenges of regulatory compliance, investments in modern risk management capabilities must be viewed as an opportunity — not a burden — for all banks, regardless of size.

We hear often about the digital divide -- the gap between those who have access to state-of-the-art information technologies and those who do not, and the economic and social limitations that such a gap imposes on the have-nots. There are similar divides in banking -- institutions that have tons of resources and big budgets and those that must make do with significantly less. It's not just big bank/small bank -- these divides can be created by management priorities and shaped by corporate cultures.


Digital Banking: The July/August 2013 digital issue of Bank Systems & Technology examines trends in enterprise risk management, with a special focus on the IT challenges and lessons learned from the initial round of Fed-mandated stress testing.

Risk management and compliance with risk management-related regulations is another area in which we see divides. It's not just about which kinds of banks must comply with capital adequacy and stress testing directives -- the topic of the cover story in this Bank Systems & Technology issue about enterprise risk management. It's also about attitudes and vision. The management at some banks resists any changes or new regulations, no matter the context or history behind them. They are viewed as unfair and costly burdens to be challenged.

There's no question that regulatory compliance, particularly as it involves risk management, is costly and difficult. The most recent Banking Compliance Index (BCI), a quarterly index compiled and analyzed by vendor Continuity Control that measures the regulatory burden on financial institutions, highlights the potential financial impact of increased regulation on community banks. The index found what it calls a "staggering" 117% growth in regulatory burden in the past 12 months. The average institution, according to the BCI, had to commit 2.3 full-time employee equivalents to manage this burden. The index reports the time it takes to comply has increased more than 50% in the past year.


That's terrible ... but so are the implications of ignoring the increased complexity of risk. And it's irresponsible to avoid investments in the kinds of technologies -- such as analytics, dashboards, modeling capabilities and high-performance computing -- that are the basis of effective risk management (and, as a corollary, compliance with much of the new banking regulation). Skimping on such technology also ignores the potential to leverage those investments for insights into performance, products and customers. Again, it's more about priorities than budgets. Analytics and data management no longer are things that only big banks can afford. At the same time, I'm sure there are community banks that value risk management prowess more than some big banks do.

Risk management is perhaps not the sexiest area of banking right now, compared with digital engagement or mobile transactions, but we all know that without the practice of risk management at its highest level the industry cannot survive. Banks should be united on that.

Katherine Burger is Editorial Director of Bank Systems & Technology and Insurance & Technology, members of UBM TechWeb's InformationWeek Financial Services. She assumed leadership of Bank Systems & Technology in 2003 and of Insurance & Technology in 1991. In addition to ...

Comments
Jonathan_Camhi,
User Rank: Author
7/25/2013 | 9:45:15 PM
re: Risk Management Must Be Priority For All Banks, Not Just The Biggest
Given the headlines around DDoS attacks, banks have to take a more cooperative attitude towards compliance and data sharing when it comes to risk. I think eventually the attitude that compliance is such a burden is going to fall away as more attacks probably take place in the future.
Yaldez4FSI,
User Rank: Apprentice
7/24/2013 | 4:30:17 PM
re: Risk Management Must Be Priority For All Banks, Not Just The Biggest
Agreed, Kathy. Risk management and compliance are important considerations for all banks. But it is also a matter of culture. Does the bank's management really believe in it, or is it something that is paid lip service to because of regulators and auditors looking over their shoulders?