© 2010 IBM Corporation
The IBM Banking Industry Framework
Integrated Risk Management Business Continuity Services
FINANCIAL SERVICES SECTOR – DAR ES SALAAM – 12 November 2010
Henk van WilsumPrincipal Consultant
2©2010 IBM Corporation
Agenda
The IBM Banking Industry Framework
Integrated Risk Management
Business Continuity
Next Steps
3©2010 IBM Corporation
Integrated Risk Management Holistically manage risk across the enterprise
Banks need to:• Understand market and credit risk
exposure across multiple silos • Secure all transactions and forms of
interaction• Proactively prevent increasingly
sophisticated internal and external prohibited activities
• Effectively manage detected events• Proactively manage internal and
external potential risks• Understand and manage increasingly
complex compliance requirements at optimal cost
4©2010 IBM Corporation
Automate Resolving False Positives Integrated Fraud and Financial Crimes platformCustomer Identification Entity Management Integrated Case and Investigation Management with Web 2.0 capabilities
Get Your Risk Data in OrderRisk Insight and ControlReal Time Risk Insight and ControlRisk OptimizationRisk Modeling and Scenario Analysis
Comprehensive Security Control, Enforcement, Management Trusted Identity Management Configuration/Incident/Problem/Change/Release Management Continuous, Comprehensive Fault Monitoring Data Protection Application Integrity and Security
Compliance Information Lifecycle ManagementCorporate Governance and Internal ControlSales and Market Conduct ComplianceRegulatory CompliancePrudential Compliance
FinancialCrimes
Governance and
Compliance
Financial Risk
Operational and IT Risk
Integrated RiskManagement
IntegrationOptimization
AnalyticsCollaboration
SecurityResiliency
Integrated Risk Management Framework Projects
5©2010 IBM Corporation
SMART IS Having the right mix of control measures to proactively deal with financial crimes across all points of vulnerability.
SMART IS Knowing your risk exposure, across lines of business and among industry entities, across the globe, in near-real time.
SMART IS Mitigating risk by elevating and leveraging IT as the organization’s primary, systemic weapon against operational risk and its root causes.
Financial services: Delivering on integrated risk management.
1
3
2
SMART IS Automatically managing business processes while providing regulatory compliance reporting and monitoring at minimal cost.
4
6©2010 IBM Corporation
Financial institutions are looking to get a better handle on their financial risk.
33%Financial services executives recently surveyed by the Economist Intelligence Unit who think risk management principles in their businesses remain sound, with over half conducting or planning a major overhaul of operations.1
Banking and financial markets executives who see integrated financial risk management as a priority to enhance competitiveness.2
Financial services firms who say their financial risk, governance and compliance processes are still not integrated across the enterprise.3
80%73%
1
Sources:• Economist Intelligence Unit Survey• IBM Global CIO Study, 2009• Governance, Risk and Compliance in Financial Services, The Economist, June 2008, IBM CRO Survey
7©2010 IBM Corporation
Smart is: Knowing your risk exposure, across lines of business and among industry entities, across the globe, in near-real time.
Managing financial risk today requires more than knowing direct exposure through each line of business. A financial institution must also be able to continuously map critical relationships across activities, product classes and risk factors.
Commercial banking
Retail banking
Corporate finance
Asset management
Custody and agency services
Sales and trading
Credit ratings
Marketrates Correlation Equity
pricesEconomic indicatorsVolatility
Activities
Product classes
$
1
8©2010 IBM Corporation
Smart is: Knowing your risk exposure, across lines of business and among industry entities, across the globe, in near-real time.
This will enable the institution to know its true exposure to all relevant risk factors, regardless of the complexity of their relationships with individual products and activities.
Commercial banking
Retail banking
Corporate finance
Asset management
Custody and agency services
Sales and trading
Activities
Product classes
$
1
9©2010 IBM Corporation
Smart is: Knowing your risk exposure, across lines of business and among industry entities, across the globe, in near-real time.
By integrating data and processes—as well as analytics, reports and visualizations—the financial institution will be able to gain a single view of its complete risk exposure across all dimensions of analysis.
Activities
Product classes
Lines of business
Risk factors
$
1
10©2010 IBM Corporation
Smart is: Knowing your risk exposure, across lines of business and among industry entities, across the globe, in near-real time.
How will you do it?Increase the quality, transparency and timeliness of your risk information while proactively managing your exposure and liquidity. Recognize and predict complex causal relationships.
Steps to take:
The benefits:New compliance capabilities
Greater profitability
Increased cost containment
Enhanced business agility
Design,implement and enhance solutions to meet prudential requirements.
Gainstate-of-the-art risk management capabilities for each risk category.
Integrateindividual risk management capabilities into an enterprise framework.
Connectrisk, finance and business information systems.
Createa firm-wide risk management culture.
1
11©2010 IBM Corporation
One of the world’s top global banks manages risk across the enterprise
Client Challenges• A tighter focus on retail credit risk
management at the corporate level required new centralized risk capabilities
Solution• Developed a scalable,
comprehensive risk analytics, intelligence, and reporting platform - and a streamlined process to ensure accurate data collection and management
Smarter Business Outcomes• Centralized and efficient risk analysis, intelligence, and reporting• Integration with Basel II, traditional, and emerging risk metrics• Broad, deep, and reliable view of risk from many perspectives• Risk managed at multiple levels -- from the Board of Directors to line of business
Top Global Bank
12©2010 IBM Corporation
Provides industry-leading credit risk insight with specialized templates to create executive dashboards and reports
COGNOS Banking Risk Performance – Credit
Risk
COGNOS Risk Adjusted Profitability Blueprint
Provides real time identity and relationship recognition and resolution
Entity Analytics and Global Name Recognition
Blueprint for integrating risk information with enterprise-wide, distributed profitability management
COGNOS Finance & Integrated Risk
Management (FIRM)
Consolidates credit / underwriting, market, and operational risk information into an enterprise-wide view
IFW / BDW Process & Data Models
Risk-specific banking process and data models speed requirements definition and implementation
Access and identity management, change management, and fault monitoring capabilities simplify audits for IT governance, risk and compliance regulations
IBM Service Management for IRM
Integrated Risk Management Framework Extensions and Accelerators
13©2010 IBM Corporation
Be confident that representations of risk exposures are consistent and reliable at every level of your organization?
Understand the complex relationships among risk factors, activity indicators and your business profitability?
Enable your business lines to understand and visualize how theirindividual decisions affect the overall risk profile and companyperformance?
How will you…
14©2010 IBM Corporation
Banking Industry Framework for Integrated Risk Management: Process snapshot.
Information sourcesInternal sourcesExternal sourcesBoth structured and unstructured
Discovery and integrationETL and Quality
- Business glossary- Physical data models
Industry Models- Glossary model- Logical data models
Identify/Discover informationStandardized industry framework for data modelsLink structured and unstructured information
Risk calculatorsVaR calculationsPD, LGD, EAD calculationsSophisticated risk models provided by customers/ISVsComplex computation
- “Fat Tails” or “Black Swans”Reconciliation across asset classesComplex simulation models
Complete and trusted viewCounterparty informationRisk-related informationCapture lineage and provenanceProvide necessary ILM capabilityReal time (or near-real time)
Analytics serverConnectivity to advanced analytics
- Connectors to SAS, SPSSHigh-performance real-time processing (rules, CEP, in-memory processing)
Risk analysis (QRA) and reportingDashboards and scorecardswith drill down capabilityRisk analysis tools, e.g., credit concentration riskRisk monitoringDecision support for risk mitigationRisk-adjusted performance analysis
Interface to business processesLoan originationRisk mitigation workflows
Optimized end-to-end solutionRelationship with a broad set of ISVs
Information sources
Discovery and integration
Complete and trusted view
Risk analysis (QRA)
and reporting
Risk calculators
Interface to business processes
Optimized end-to-end solution
Analytics server
15©2010 IBM Corporation
Agenda
The IBM Banking Industry Framework
Integrated Risk Management
Business Continuity
Next Steps
17©2010 IBM Corporation
… rapidly adapt and respond to opportunities, regulations and risks, in order to maintain secure, continuous business operations, be a more trusted partner, and enable growth
Business resilience is the ability to…
Growth Areas
Business dependence
Regulatory compliance
Interdependencies
CEO’s are struggling with the following areas of resilience….
- Online Trading.- Explosion of Intel and Unix systems.
- Inter application & inter system consistency.- Increased use of Tiered applications.
- Greater integration of IT within business functions.
- Regulations and compliance issues. - FSA 3rd site recommendations.
18©2010 IBM Corporation
BCRS value propositionBCRS value proposition
PreventPrevent ProtectProtect ManageManage RecoverRecover
Services to recover business & technology following a negative event
Services to provide fault- tolerant, failure-resistant infrastructure with near- zero recovery times
Services to remotely store, protect & recover vital business information
Services to assess, design and plan for a resilient business infrastructure
Consulting Services
Business Continuity & Resiliency Services
Data Vaulting Service
Tape Backup Services
Replication/Mirroring Services
IT Recovery
Work Area Recovery
19©2010 IBM Corporation
IBM BCRS Consultants deliver projects using the Global Delivery Methodology
Environmental Risk Assessment
Recovery Exercise
Assistance
Business Resiliency
and Continuity Manager
Business Impact
Analysis
IT Recoverability Assessment
IT Recovery Services
IT Disaster Recovery Plan Development
Recovery Solution Design
Recovery Strategy Definition
Plan for business resilience
Design enterprise resilience solution
Manage to resilience objectives
Evaluate resilience
capabilitiesPrioritise business
resilience needs
Establish risk
tolerance
Rehearse and review
resilience program
Simulation
Exercises
Work Area Recovery
Virtual Workplace Recovery
Business Continuity Plan Development
Crisis Management Plan Development
20©2010 IBM Corporation
Layers of resilience within a business.Layers of resilience within a business.
• Recovery Data Centre• Recovery Office location • Continued network access to customers and suppliers.
• Server and storage virtualisation• Rapid Server provisioning • Specialist Recovery Expertise
• Mirroring for critical data• Remote backup facilities• Backups of workstation data for mobile workers / branches
• Identify most critical processes• Contingencies integrated into all critical processes • Key links with external companies
• Command center identified• Geographic diversity of staff• Defined roles and responsibilities
• Crisis management process• Articulated governance model• Resilience used as competitive advantage
Continuity Plan
IT Recovery
Resilience Strategy
Work Area & Data Centre
Data Management
Photographs: © Jupiter Images
ProcessesProcesses
TechnologyTechnology
OrganizationOrganization
FacilitiesFacilities
StrategyStrategy
Applications and Data Applications and Data
Business Impact Analysis
21©2010 IBM Corporation
Managed Delivery Trailer
Infrastructure
Consumers
Integration
Data A
rchitecture
Business Processes
Services
Service Components
QO
S Layer
Data & Applications
Fixed Site Data Centre :
Dedicated or Shared Inventory
Data Vaulting Data Replication/MirroringTape
Recovery of IT Systems can be broken down into two layers:Recovery of IT Systems can be broken down into two layers:
22©2010 IBM Corporation
Managed Delivery Service: Managed Delivery Service: recovery technology quickrecovery technology quick--shipped when you need itshipped when you need it
• Provides an easily deployed flexible and rapid shipment of IT equipment to the location of your choice.
Service Benefits :• Fully configured recovery systems delivered to your designated location within 24
hours.• Dedicated technical and engineering team available to facilitate fast and effective
recovery• Offers the convenience of business recovery at an affordable price. • Enables element recovery at site in the event of Individual server failure.• Servers are packed in specially designed flight cases to ensure the equipment is not
damaged in transit. • Virtualised servers, storage, SAN & LAN fabrics preconfigured within each flight case
to enable rapid deployment.
23©2010 IBM Corporation
• Mobile trailer-based data centre and preconfigured servers delivered to a location of your choice.
Service Benefits:• Provides replacement Data Centre at your location within 24 hours and includes office space for 10 people.• Data Centre equipped with fully configured recovery systems• Enables staff to remain on site within a self contained environment • Annual test included in the service to ensure that the recovery process works. • Dedicated technical and engineering team available to facilitate fast and effective recovery.• Removes need for expensive Network connectivity between sites thereby offering the convenience of business
recovery at an affordable price • Contains a 100Kva generator and own power supply providing self supporting environment
Mobile Data Centre: replacement data centre shipped to your locMobile Data Centre: replacement data centre shipped to your locationation
24©2010 IBM Corporation
Comprehensive recovery capabilities at specialized, strategically located IBM facilities.
Service Benefits:Access to enterprise systems that can not be delivered by mobile or
managed delivery.Virtualised scalable infrastructure fabric provides fast response and
recovery times– servers, SAN and storage available in 4 hoursAccess to advanced recovery tools and techniques.Dedicated technical and engineering team available to facilitate fast and
effective recoveryOn site storage of Operating System images and LPAR configurations
reduces set up time.Option to use either dedicated or shared servers.Option to store and rotate recovery tapes in Media Library at recovery
location.
Fixed Site Recovery: comprehensive restorative capabilities at Fixed Site Recovery: comprehensive restorative capabilities at specialized IBM business resilience centersspecialized IBM business resilience centers
25©2010 IBM Corporation
25
Replication / MirroringReplication / Mirroring
• Replication of customers data synchronously or asynchronously to a secure remote location.• In the event of a disaster this provides the customer with a facility to recover their data more quickly than by traditional recovery methods and with minimal data loss.• Option to use either shared or dedicated servers to recover production systems.• Provides a cost effective utility based recovery service based on the amount of data being replicated.• Solutions are multiplatform and cater for multiple disk technologies.• Gives a range of costed Recovery Point options based on the network bandwidth.• Data consistency guaranteed (volume level or application level).
Dedicated Disk at remote IBM Recovery Centre
Asychronous replication of data
Wide area network (WAN)
Customers Data Centre
Shared or Dedicated Recovery Servers
26©2010 IBM Corporation
IBM Business Continuity & Resilience for IBM Business Continuity & Resilience for Work Area RecoveryWork Area Recovery
27©2010 IBM Corporation
… rapidly adapt and respond to opportunities, regulations and risks, in order to maintain secure, continuous business operations, be a more trusted partner, and enable growth
Business resilience is the ability to…
Growth Areas
Business dependence
Regulatory compliance
Interdependencies
CEO’s are struggling with the following areas of resilience….
- Online Trading.- Explosion of Intel and Unix systems.
- Inter application & inter system consistency.- Increased use of Tiered applications.
- Greater integration of IT within business functions.
- Regulations and compliance issues. - FSA 3rd site recommendations.
28©2010 IBM Corporation28
Be Prepared for the UnexpectedBe Prepared for the Unexpected
Notable Disasters1994 Merriespruit tailings dam disaster
1996 IRA attack on Docklands, London
1997 Munitoria fire, Pretoria
2001 Attack on the World Trade Centre, New York
2001 Ellis Park Stadium disaster
2001 Explosion of the AZF factory, Toulouse, France
2002 Main power cut to UK Bank’s Docklands data centre
2003 Major Power Outages in New York and London
2006 Table Mountain fire
2005 London 7/7 – Major terror incidents
2007 Durban oil refinery fire
2009 Tracker fire
2009 Table Mountain fire
29©2010 IBM Corporation
Optimise your Work Area Recovery strategyOptimise your Work Area Recovery strategy
Business is dependent on people
Flexible Work Area Recovery Services tailored to you
Innovative approach to meet your business needs
Layers of resilience
Mitigation of business risks for today and tomorrow
Engage IBM to strengthen your Business Resilience
New Work Area Recovery solutions, Innovation for today and tomorrow
30©2010 IBM Corporation
Work Area Recovery Service ComponentsWork Area Recovery Service Components
WorkArea
Recovery
Technology• Desktop and Server PCs• Networking• Voice communications
Buildings\Location• Resilience• Secure Environment
Support• H\W, Software, Recovery, Configuration• Preventative Maintenance
Service Management• Invocation, Testing• Change Management• Implementation• Project Management
Ancillary Services• Data Centres• Meeting Rooms• Post Rooms• Car Parks• Storage Rooms• Rest Areas
Related Services• Internet Access• Market Data Services• Managed Recoveries• Assisted Server Recovery• Consultancy
31©2010 IBM Corporation
IBM Disaster Recovery Services for Work Area Recovery IBM Disaster Recovery Services for Work Area Recovery –– Touchdown Recovery SpaceTouchdown Recovery Space
Helping you prepare for a significant workforce disruptionBusiness benefits
Mitigates risk caused by events not covered by traditional DR contracts e.g. transport problemsLow cost access to usual office services printer/fax/photocopier, meeting rooms etc.Small groups of staff working in the same location
FeaturesTouchdown recovery is a Hot Desk type facility designed to provide additional resilience to your work force Geographical flexibility; selected site(s) to suit staff demographics ie between their normal office and home locationsProvides a low cost way of providing resilience against short-term, short-duration business interruptionAccess to Printers, Fax machines and Photocopiers Internet Provision with firewallUse of meeting rooms, rest areas etc.Option to use desktop PC or own laptop
Improved Business Resilience, Innovation for today and tomorrow
32©2010 IBM Corporation
IBM Disaster Recovery Services for Work Area Recovery IBM Disaster Recovery Services for Work Area Recovery –– Shared Recovery SpaceShared Recovery Space
Helping you prepare for a significant workforce disruptionFeatures
Full function office environmentConnectivity to your corporate network at Test and InvocationDesktop PC image managementVirtualised PC recoverySyndication risk management through contractual Exclusion ZonesIBM’s unique Equitable Sharing policy Front Office and Back Office positionsCall centre recovery
Business benefitsCost effective way of providing full office recoveryHelps mitigate damage to revenue and reputation caused by significant disruptionsProvides security and 24x7 support for your physical workplace solution
Risk mitigation thorough cost effective resilience solutions
33©2010 IBM Corporation
Business benefitsWork with other businesses with a similar profile to optimise on your overall solution Suggested multiple locations increases flexibility and overall risk mitigation Provides security and 24x7 support for your physical workplace solution
FeaturesIBM will establish suitable collaboration groups Designed for 2, 3 or 4 businesses to share equitably Provides a good balance between the optimal solution of Dedicated space and Shared spaceFull function office environment to agreed specificationConnectivity to your corporate networkDesktop PC image managementSyndication risk management defined by the members of the Collaboration GroupShared Financial Market Data ServicesFront Office, Back Office and Call centre recoveryIBM Service support to facilitate ongoing collaboration
IBM Disaster Recovery Services for Work Area Recovery IBM Disaster Recovery Services for Work Area Recovery –– Collaborative Recovery SpaceCollaborative Recovery Space
Helping you prepare for a significant workforce disruption
Improved Business Resilience, Innovation for today and tomorrow
34©2010 IBM Corporation
Agenda
The IBM Banking Industry Framework
Integrated Risk Management
Business Continuity
Next Steps
35©2010 IBM Corporation
Financial organizations benefit from added speed, choice and flexibility, along with lower levels of risk
Speed: Pre-configured solutions can be implemented faster than ever.
Choice: Banks choose the solutions that provide the most value to them, in the order and at the pace that makes the most sense.
Flexibility: Techniques built on business process management and service-oriented architecture means easier deployment and interoperability of solutions.
Lower risk: Incremental projects, each with a defined payback period, are more easily scoped and implemented—and build on infrastructure deployed in previous phases.
36©2010 IBM Corporation
Only IBM can provide you with the unique combination of tools and expertise you need, across all elements of business and technology risk, to build a proactive integrated approach to risk management—enabling cost avoidance in compliance spend and redeployment of existing resources to higher-value initiatives.
Why IBM?
37©2010 IBM Corporation
Know future legislation and requirements
Prioritize near-term benefit, high-value projects.
Business focus areas:– Financial Risk– Financial Crimes– Operational and IT Risk – Governance and Compliance– Single view of a Customer
Use project to justify the start of a risk data platform.
Apply analytics to support performance management.
Integrate analytics results into your business processes.
Actions to take: