- Professional Risk Managers International Association PRMIA - International Swaps Derivatives Association ISDA

Presentation Transcript

Slide 1

- Professional Risk Managers' International Association (PRMIA) - International Swaps & Derivatives Association (ISDA). Who Needs Operational Risk? David Gibbs MSc; Head of Operational Risk, BFP. 19th April 2005

Slide 2

A Moment of Indulgence: David J Gibbs. David Gibbs MSc is responsible for the Risk & Governance of Barclays Financial Planning. Formerly Information Security Manager within BACS Ltd, one of the biggest Clearing Houses in Europe. He has 20 years' experience within major organizations in the financial sector, including Head of Information Security & Business Continuity for International Financial Data Services UK Ltd (a company jointly owned by State Street Bank and DST) and Head of Operational Risk & IT Security for Barclays Investment Management. He has developed and implemented Enterprise Security Infrastructures in the Bancassurance and Investment Banking environment. These have been supported by Security Architectures and related policies based on ISO 17799, together with Governance and Controls manuals and practices in compliance with Regulation and Legislation. The challenges of embracing the e-commerce/e-enabled world must be faced, as "Lack of concern is not an Option."

Slide 3

Who Needs Operational Risks?

Slide 4

Statement! Risk Management is one of the key ingredients in binding together a business. Its significance to us should not be underestimated. Great disasters happen, not because people run risks, but because they don't understand the risks.

Slide 5

Introduction; Organizations are exposed to a wide variety of risks, and the nature of those risks means that, if they arise, they may give rise to unexpected losses in finance, reputation and brand value. A sound system of internal control must be implemented and, since profits are, to some degree, the reward for successful risk taking in business, the implementation of an effective Governance Framework is to help manage and control risk appropriately, rather than eliminate it.

Slide 6

Why implement a Governance Framework?
- Asian Financial Crisis of 1997: Korea & Japan.
- History of Corporate Fraud; Maxwell, Marconi, Enron, Worldcom.
- Parmalat; real debt $18 billion (8 times what the company claimed when it went bankrupt in December 03).
- National Australia Bank (unauthorised trading by four currency options traders could have cost the Bank as much as A$600 million).
- Adecco (arguably the world's biggest recruitment agency. Stock market value split after warnings that its 2003 figures would be delayed because of accounting irregularities).
- (iii) Management Incompetence; Equitable Life, Royal Dutch/Shell.
- Collateral Damage; Citigroup's $9.8 billion suit save of Worldcom, Enron.

Slide 7

Key Failures, financial; Were not skeptical! Reflected systemic weaknesses. Increasingly had worldwide impact. Knock-on effect on Pension Funds and assets of Pensions.

Slide 8

Operational Risk Example?? It's hard to find anyone with the appropriate accountability. The auditors can't give assurance on the legitimacy and consistency of the controls in 95% of the organization. No double-entry accounting systems. Computer systems for financial transactions lacked cohesiveness, security and traceability.

Slide 9

Threats & Drivers Diversity

Slide 10

Brand Value Shareholder Value Business Risk Encourages Confidence Company Integrity Risks To The Organization Understanding the Business Complexity Compliance, Credit, Environment, Legal, Market , Product, Taxation, Risk Appetite, Corporate Risk Profile Operational Risk Framework Audit & Compliance Approved Functions Governance & Control Management Information Roles & Responsibilities Incident Management Project & Change Control Operational Risk (FSA Key Controls) Complaints Handling Data Protection Information Security Infrastructure Long Tail Risk Succession Planning Mission Critical Processes Training & Competence Money Laundering (KYC) Business Continuity Planning Target Operational Strategy Business Model Operating Model Technical Model HR Model Business Strategic Plan Budget Cycle New Ventures Performance Metrics Contracts Service Level Agreements Quality Assurance Retail Price Index Asset Management Return On Investment Key Performance Indicators Key Risk Indicators Complaints

Slide 11

Information Systems "We have entered a new paradigm in e-business; the same advantages of ease and speed we enjoyed in the 90s are now being exploited by organised crime. The cost to commit fraud is low and the payback can be enormous. We must protect the consumer and preserve trust and integrity in the on-line marketplace."

Slide 12

[Figure: Attack Sophistication v Intruder Knowledge, 1980 to 2000. Vertical axis from Low to High. Plotted series: Attack Sophistication, Intruder Knowledge. Tools labelled along the curve: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, disabling audits, back doors, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, DoS, www attacks, "stealth"/advanced scanning techniques, DDOS attacks.]

Slide 13

Information Security: Current Picture & Challenges
- Emerging Technologies.
- Fraud, Identity Theft, 419 Scams.
- Sophistication of Attacks (PHISHING), Tools and on-line help.
- Money Laundering.
- Deliberate Damage (Human Error !!).
- Distributed Denial Of Service (DDOS) attacks.
- Viruses?
- More focused Regulation and Legislation.
- Terrorists/Disasters?

Slide 14

Emerging Technologies. Wireless technologies. 3G Mobile. Increased bandwidth.

Slide 15

Fraud, Identity Theft, 419 Scams.
- Government figures: financial fraud in the UK equates to £800 every moment.
- Card fraud over recent years has increased by 30% year on year; APACS figures quoted UK card fraud at £402.4 million for 2003.
- 419 reported as one fifth of some West African nations' income.
- ATM envelope, ATM venture, and Salami scams.
- Currently more than 40,000 people are subject to identity theft, the fastest growing fraud.

Slide 16

Sophistication of Attacks (PHISHING), Tools and on-line help. October 2003: Halifax Bank (UK) took the unusual step of shutting down its online banking service, affecting 1.5 million customers. APACS reported that in the region of 2,000 UK online account holders were taken in by Phishing attacks in 2004. Loss in the region of £4.5m in total. 4%-5% of account holders respond.

Slide 17


Slide 18

Money Laundering. Not only in UK banks but globally, Money Laundering is rife. The Home Office believes that around £18 billion is laundered through the UK consistently. It is estimated that Worldwide, between £??? and £??? billion is Laundered

Slide 19

Anti Money Laundering Challenges?
- Arrangement of Small Businesses to comply with the Money Laundering Legislation.
- Accepting the corporate responsibility to fight crime.
- Strength of controls in large Financial Organizations.
- Presence of underground Banking (Hawala & Hundi). Arguably, "One of the safest methods for Money Launderers to transfer money".
- Getting the balance between the protection of individuals' rights, versus the need to protect our society against criminals and terrorists.
- Identity theft.

Slide 20

Deliberate Damage (Human Error).
- Downsizing & Outsourcing: people feel unwanted.
- Over 60% of incidents caused internally.
- Thorn UK: stressed-out computer man is jailed over £500k sabotage.
- Daily Mail: man arrested 6 hours before the deadline to crash the newspaper's systems. Demand for £600k; could have cost the Newspaper £13.9m.
- Arab Emirates: hacker shut down the entire country's Internet Network. Claim for compensation in the region of £650k.
Root Key, where did it go?

Slide 21

Distributed Denial Of Service (DDOS) attacks. - DDOS attacks have recently emerged as one of the most newsworthy, if not the greatest, weaknesses of the Internet. DDOS attacks overwhelm their victims' Internet connectivity and by doing so render useless any on-site security barriers (even when on-site solutions are effective in preventing any real breach of the security wall provided by Firewalls and Intrusion Detection Systems).

Slide 22

Denial of Service (Business) Attacks. The controller machine never connects directly to the Zombie machines; additional protection is provided by the use of encrypted/obfuscated communication channels between the controller and the Handlers. Similar levels of protection are applied between the handler and the zombie agent. This gives the controller a safe location from which to launch attacks on targets, without the victims being able to determine where the attacker is located.

Slide 23

Case Studies;
- Yahoo; The site was brought down for several hours during 2000 by exploiting a weakness in the router software, generating large amounts of traffic by attack amplification. The attacker compromised a large number of systems on the Internet.
- WorldPay; The online payment provider suffered the effects of a sustained DDOS attack during November 2003. The attack, which limited the available bandwidth for genuine customers, lasted for 3 days. WorldPay were also "hit" early in 2004, when there was an outage for several hours.
- Online Gambling Sites; Are being targeted by organised criminals, who are blackmailing organisations with the threat of DDOS attacks if they refuse to pay the money demanded.

Slide 24

Viruses. Hackers have created more than 70,000 viruses. 1 in 12 emails contain a virus. 1 in 4 emails are Spam. February, March 2004: Estimated that more than 72 million working days have been lost worldwide because of viruses. Variants of MyDoom, BAGLE & NETSKY. Bugs are costing billions of pounds (Melissa caused over £80 million worldwide alone). Estimate that Net Sky has caused more than £20 million in losses worldw