Basel II risk management and implementation tutorial

The Basel II implementation was created to make sure financial institutions had enough cash on reserve to match any potential risks they might have -- operational, legal or otherwise. Clearly, risk management is a particularly important part of Basel II requirements, which means security and technical controls play a significant role when it comes to compliance.

In this Basel II tutorial, you'll learn about where Basel II compliance stands now and where Basel II risk management requirements are subject to change. You'll also find Basel II frameworks that can help you on your way:

RELATED CONTENT Compliance and regulations Employee security training for Data Protection Act compliance How to meet the PCI DSS compliance deadline on an IT security budget PCI compliance UK: The future of European merchant PCI compliance ISO 27001 SoA: Creating an information security policy document Data Protection Act of 1998 explained: Protecting personal data Encryption basics: How asymmetric and symmetric encryption works SIEM systems streamline compliance processes, offer security benefits How to choose an external compliance auditor Using ICO privacy impact assessment template for DPA compliance PCI DSS checklist: Mistakes and problem areas to avoid IT Security Frameworks and Standards ISACA issues mobile smartphone security policy guidance How to meet the PCI DSS compliance deadline on an IT security budget PCI compliance UK: The future of European merchant PCI compliance ISO 27001 SoA: Creating an information security policy document Panel advocates need for cloud computing data security standard Exclusive PCI DSS news: EU regional director rallies UK merchants Jericho Forum: Self-assessment guide How to develop a culture of security in the enterprise ICO issues draft guidelines for personal information online Using ICO privacy impact assessment template for DPA compliance Compliance Regulation and Standard Requirements Zurich Insurance breach payment: Data breach fine highest on record Employee security training for Data Protection Act compliance How to meet the PCI DSS compliance deadline on an IT security budget Mobile digital pad/pen helps secure patient data collection PCI compliance UK: The future of European merchant PCI compliance ISO 27001 SoA: Creating an information security policy document Ministry of Justice asks for input on UK privacy laws Exclusive PCI DSS news: EU regional director rallies UK merchants PCI PTS: Understanding PCI PIN security requirements PCI call centre: Understanding PCI DSS call recording requirements

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Financial Services Authority  (SearchSecurityUK.com) IISP (Institute of Information Security Professionals)  (SearchSecurityUK.com) ISO 27001  (SearchSecurityUK.com) Jericho Forum  (SearchSecurityUK.com) UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

• How important are Basel II requirements and operational risk?
• Using ISO 27001, BS 2577 security standards to meet Basel II compliance requirements
• Developing a Basel II risk management and reporting strategy
• Developing a governance, risk and compliance management strategy to achieve compliance with Basel II requirements

In fact, with the clear need for more prescriptive Basel risk management controls, it won't be long before Basel III enters the picture. Basel III will likely include separation of duties and other technical controls to prevent fraud. For now, solid Basel frameworks like ISO 27001 can help with requirements. In the meantime, ISACA produced a list of IT Guiding Principles, which are a mirror image of the Basel II risk management controls, interpreted for the IT world.

Using ISO 27001, BS 2577 security standards to meet Basel II compliance requirements
When Basel capital requirements must align with a bank's actual operational risk, information security professionals need to take an active role in Basel II compliance. Luckily, there are several business continuity security standards that can take on Basel risk management and help you identify any gaps.

Alan Calder reviews a British Standards ICT continuity standard called BS 2577, which isn't well known, but provides security best practices for Basel II compliance that can ensure your IT systems are up and running after a disaster.

Developing a Basel II risk management and reporting strategy
Basel II operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from outside events. What does that mean exactly?

The financial regulation, created by the Basel Committee on Banking Supervision, acknowledges that how operational risk is defined can make or break financial institutions, especially given banks' increased reliance on information systems and complex financial instruments.

Richard E. Mackey explains the kind of Basel II risk management and reporting approach that the standard calls for, including regular audits, strict technical controls and proper risk assessment and data classification.

Developing a governance, risk and compliance management strategy to achieve compliance with Basel II requirements
Governance, risk and compliance (GRC) management is an integrated approach, not one that necessarily separates a bank's Basel II operational risk, for example, from its legal or market risk. As contributor Michael Rasmussen said, GRC is about organizational collaboration.

This kind of "federated" GRC initiative involves a number of professional roles. Building your Basel II compliance roadmap means defining your scope and creating an accurate inventory of systems and processes. Learn the characteristics of a solid governance, risk and compliance strategy, and find out who needs to be involved when you're up against Basel II requirements.

Rate this Tip To rate tips, you must be a member of SearchSecurity.co.UK. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.