Compliance is not enough
The demands of regulatory compliance are among the factors driving IT and security managers within large organisations to improve their user-access governance processes, but the issues are broader and deeper than any regulations - and more serious than many senior executives think. The recent scandal at Societe Generale offers lessons from which every chief risk officer, chief information officer and chief security officer should learn, writes Brian Cleary
Risks related to unauthorised or inappropriate access to information resources can appear anywhere within an organisation at any time and spread rapidly through the business. All it takes is a single person with the wrong access. Such events range from minor policy and compliance violations to major operational failures with substantial financial, legal and reputational consequences.
While user
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Clearers face heavy lift on CME-FICC cross-margin service
Dual registration and regulation plus uncertainty over close-outs all weigh on client offering
Appetite breaches climb for top op risks
Risk Benchmarking: Low tolerance and heightened threat environment combine to test banks’ limits for cyber, resilience, third-party risk
How gatecrashers could spoil the tokenisation party
Blockchain can curb settlement risks, but that could come at the expense of new third-party risks
Op Risk Benchmarking: Banks seek a home for AI risk
Risk.net’s 2026 study sees record participation and collective unease, as banks race to incorporate AI into op risk frameworks
Contract negotiation tops tech sovereignty for banks in Asia
Regulatory pressure is rising, but industry still focused on service agreements with third parties
The SaaSpocalypse shows private markets need risk models
Investors have little idea how bad the losses in private credit are going to be
Crisis? Which crisis? How ECB stress test failed to see Strait
Banks were told to design geopolitical shock scenarios, but some focused mainly on tariffs
The race to model private market risks
BlackRock maps holdings to risk factors; competitors aim to get the best from statistical methods
