Compliance is not enough
The demands of regulatory compliance are among the factors driving IT and security managers within large organisations to improve their user-access governance processes, but the issues are broader and deeper than any regulations - and more serious than many senior executives think. The recent scandal at Societe Generale offers lessons from which every chief risk officer, chief information officer and chief security officer should learn, writes Brian Cleary
Risks related to unauthorised or inappropriate access to information resources can appear anywhere within an organisation at any time and spread rapidly through the business. All it takes is a single person with the wrong access. Such events range from minor policy and compliance violations to major operational failures with substantial financial, legal and reputational consequences.
While user
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Risk management
EBA supports global op risk taxonomy, but it won’t happen soon
New EU framework designed to ease adoption by banks; other jurisdictions have different priorities
Allocating financing costs: centralised vs decentralised treasury
Centralisation can boost efficiency when coupled with an effective pricing and attribution framework
EVE and NII dominate IRRBB limit-setting
ALM Benchmarking study finds majority of banks relying on hard risk limits, and a minority supplementing with early-warning indicators
Banks split over AI risk management
Model teams hold the reins, but some argue AI is an enterprise risk
Collateral velocity is disappearing behind a digital curtain
Dealers may welcome digital-era rewiring to free up collateral movement, but tokenisation will obscure metrics
New EBA taxonomy could help integrate emerging op risks
Extra loss flags will allow banks to track transversal risks like geopolitics and AI, say experts
Third of banks run ALM with five or fewer staff
Across 46 firms, asset-liability management is usually housed in treasury, but formal remits and staffing allocations differ sharply
One Trading brings 24/7 equity trading to Europe
Start-up exchange will launch perpetual futures Clob in Q1 after AFM nod
