Basel II risk management and implementation guide

The Basel II implementation was created to make sure financial institutions had enough cash on reserve to match any potential risks they might have -- operational, legal or otherwise. Clearly, risk management is a particularly important part of Basel II requirements, which means security and technical controls play a significant role when it comes to compliance.

In this guide, you'll learn about where Basel II compliance stands now and where Basel II risk management requirements are subject to change. You'll also find Basel II frameworks that can help you on your way:

• How important are Basel II requirements and operational risk?
• Using ISO 27001, BS 2577 security standards to meet Basel II compliance requirements
• Developing a Basel II risk management and reporting strategy
• Developing a governance, risk and compliance management strategy to achieve compliance with Basel II requirements

In fact, with the clear need for more prescriptive Basel risk management controls, it won't be long before Basel III enters the picture. Basel III will likely include separation of duties and other technical controls to prevent fraud. For now, solid Basel frameworks like ISO 27001 can help with requirements. In the meantime, ISACA produced a list of IT Guiding Principles, which are a mirror image of the Basel II risk management controls, interpreted for the IT world.

Using ISO 27001, BS 2577 security standards to meet Basel II compliance requirements
When Basel capital requirements must align with a bank's actual operational risk, information security professionals need to take an active role in Basel II compliance. Luckily, there are several business continuity security standards that can take on Basel risk management and help you identify any gaps.

Alan Calder reviews a British Standards ICT continuity standard called BS 2577, which isn't well known, but provides security best practices for Basel II compliance that can ensure your IT systems are up and running after a disaster.

Developing a Basel II risk management and reporting strategy
Basel II operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from outside events. What does that mean exactly?

The financial regulation, created by the Basel Committee on Banking Supervision, acknowledges that how operational risk is defined can make or break financial institutions, especially given banks' increased reliance on information systems and complex financial instruments.

Richard E. Mackey explains the kind of Basel II risk management and reporting approach that the standard calls for, including regular audits, strict technical controls and proper risk assessment and data classification.

Developing a governance, risk and compliance management strategy to achieve compliance with Basel II requirements
Governance, risk and compliance (GRC) management is an integrated approach, not one that necessarily separates a bank's Basel II operational risk, for example, from its legal or market risk. As contributor Michael Rasmussen said, GRC is about organizational collaboration.

This kind of "federated" GRC initiative involves a number of professional roles. Building your Basel II compliance roadmap means defining your scope and creating an accurate inventory of systems and processes. Learn the characteristics of a solid governance, risk and compliance strategy, and find out who needs to be involved when you're up against Basel II requirements.

Rate this Tip To rate tips, you must be a member of SearchSecurity.co.UK. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Compliance and regulations Encryption basics: How asymmetric and symmetric encryption works SIEM systems streamline compliance processes, offer security benefits Tips to achieve PCI compliance How to choose an external compliance auditor Using a privacy impact assessment template for DPA compliance PCI DSS checklist: Mistakes and problem areas to avoid The elements of a compliance-oriented architecture Wireless network guidelines for PCI DSS compliance PCI DSS requirement: Implement strong access control procedures How to choose full disk encryption for laptop security, compliance IT Security Frameworks and Standards How to develop a culture of security in the enterprise ICO issues draft guidelines for personal information online Using a privacy impact assessment template for DPA compliance Benefits of ISO 27001 and ISO 27002 certification for your enterprise How to write an information security policy The elements of a compliance-oriented architecture New products aim to streamline compliance efforts A helpful BSI data protection standard for DPA compliance How project management maturity models can reveal security strength Consider a compliance-driven security framework Compliance Regulation and Standard Requirements PCI DSS requirements still baffling as compliance deadline approaches Make PCI DSS compliance easier by reducing scope, outsourcing data Cloud computing compliance: Exploring data security in the cloud Encryption basics: How asymmetric and symmetric encryption works SIEM systems streamline compliance processes, offer security benefits No major PCI DSS revision expected in 2010 PCI QSAs, certifications to get new scrutiny Tips to achieve PCI compliance PCI DSS requirements: Get ready for stricter enforcement, fines Data Protection Act breach could cost companies 500,000 pounds RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Financial Services Authority  (SearchSecurityUK.com) IISP (Institute of Information Security Professionals)  (SearchSecurityUK.com) ISO 27001  (SearchSecurityUK.com) Jericho Forum  (SearchSecurityUK.com) UK Identity Cards Act  (SearchSecurityUK.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.