SlideShare a Scribd company logo

Managing Information Risk in Financial Services

Download as PPTX, PDF
Andrew Smart
Andrew Smart

Managing Information Risk in Financial Services Webinar Feb 26th 2014 presented by Colin Lobley http://manigent.com/uk.linkedin.com/pub/colin-lobley/2/7/563 Many of the fines issued by the FCA over the past few years can be attributed to poor information management. The threats from external cyber-attack and malicious insiders are escalating, with your corporate and client information being the primary target of the cyber criminals. The legal requirement on UK businesses will evolve with the proposed EU data protection regulation likely to come into force next year. It is therefore critical to implement robust information risk management.

Business
1 of 31
Managing Information Risk Putting the ‘I’ back in IT: Creating Tangible Value from the Intangible Asset Colin Lobley Director Information Strategy & Risk
Webinar Aims & Structure  Aims:  Provide evidence for taking an information risk approach rather than an IT/cyber security approach  Introduce practical concepts and approach to managing information risk  Why Bother with Information?  The Information Opportunity  Threats and Risks  Managing Information Risk  Current Approaches, Weaknesses and Common Barriers  Overcoming the barriers: concepts and approaches to managing information and information risk management: Processes, Systems, Governance and Culture Page  2
Manigent & Me  Director of Information Strategy & Risk.  14 years in strategy, programme and risk management; 6 years focused on the cyber threat environment.  2007 – Business Continuity Journal, Vol. 2, Issue 3: Ascertaining the behaviors and factors driving investment in high impact risks.  2008 – Manigent’s CEO created the Risk-Based Performance Management methodology.  Today – Building business resilience and enhancing performance by managing strategy and risk in today’s continuously turbulent, information-centric operating environment. Page  3
WHY BOTHER WITH INFORMATION? Page  4
The Value of Exploiting Information: FTSE 350 View  A potential gain of £44bn gross operating profit per annum across the FTSE 350 from enhanced information exploitation. Page  5 Source: The Information Opportunity Report – Cap Gemini
The Value of Exploiting Information: Sector Comparison Page  6 Source: The Information Opportunity Report – Cap Gemini
The Value of Exploiting Information: Function Comparison  Other functions with >20% of respondents saying it would be a function of greatest potential: Marketing, HR, Logistics & Supply. Page  7 Source: The Information Opportunity Report – Cap Gemini
Information Risks: Personal Data Breaches per Sector   $215 (£129) per capita in financial services (direct). But the indirect impact on financial services is huge – insurance and compensation claims. Page  8 Source: Cost of a Data Breach Survey 2013, Ponemon Institute
Personal Information Risk: Evolving Legislative Environment  New legislation and regulatory oversight likely to make this worse  Current: Data Protection Act (UK)  Information Commissioners Office enforces  Maximum fine of £0.5m  To date largely a public sector focus (& Sony - £350k in a £170m+ incident)  FCA also have the ability to fine  Zurich - £2.3m in 2010  New EU Data Protection Regulation in 2015 (est.):  Fines of 5% turnover?  Criminal Prosecution? Page  9
Information Risk: Financial Services Case Studies  J.P.Morgan International Bank Limited, 2013, £3.1 million – direct fine by the FCA for systems and controls failings. Highlighted issues:  Client files which were not kept up to date  A computer based record system that did not allow sufficient information to be retained, suitability reports that failed to contain relevant client information.  A 2 year persistent failing during which “JPMIB’s senior management did not have sufficient information and oversight tools to identify and address these deficiencies”.  Sesame Limited, 2013, £6m - fine for failings between 2005-2009 during which the:  “vast majority” of sales were flawed because of a “mismatch between customers stated investment objectives and attitude to risk and the product sold” and  “the suitability letters provided to customers stated incorrectly that income or capital growth was guaranteed”  Many others – TJX, Citigroup, Barclays, De-Vere Group, NASDAQ …… and the list goes on. Page  10
Information Risk: Evolving Regulation in FS  Emerging Financial Services Regulative oversight (UK) likely to lead to increased frequency and size of fines and stricter reporting.  FCA Risk Outlook 2013: “Increasing reliance on technology without fully understanding the consequent risks and dependencies”  UK’s Financial Policy Committee stated that: “market participants had increasingly highlighted concerns about operational risk, including threats of cyber-attack”. (June 2013) and “the boards of the relevant supervisory bodies to ensure that there was a concrete plan in place to deliver a higher level of protection against cyber-attacks for each institution at the core of the financial system, including banks and infrastructure providers.” (Sept 2013)  Waking Shark II report: “The PRA and FCA will coordinate to ensure dual-regulated firms are fully aware of the regulators’ incident reporting requirements and update frequencies.” Page  11
Information Risk: Linked with Conduct Risk  Customer Management was the #1 area businesses felt could be improved through better information exploitation  Root cause of many FCA fines can be identified as poor management and analysis of customer data  Conduct Risk Agenda: To make relevant markets work well so consumers get a fair deal.  Consumers get financial services and products that meet their needs, from firms they can trust;  Markets and financial systems are sound, stable and resilient, with transparent pricing information; and  Firms compete effectively, with the interests of their customers and the integrity of the market at the heart of how they run their business.  The risk of poor information management will lead to bad conduct. Page  12
Conclusion: Information Exploitation and Risk “Early adopters of effective information exploitation strategies are seeing real and tangible business performance improvements. Those that chose to do nothing have seen the gap between themselves and the market leaders widen.”  There are significant risks to:     Page  13 The information you have driven by the cyber threats Failing to exploit what you have already Not having the right information to exploit Compliance with changing laws and regulation
MANAGING INFORMATION & INFORMATION RISK Page  14
The Traditional Approach ….. HACKERS CHINA IT (CYBER) SECURITY LED BY CISO / IT DIRECTOR REACH FOR A STANDARD (ISO 27001) Page  15 LOSS OF REPUTATION ….. Is immature and clearly not working.
Barriers to Exploiting Information 1. PROCESSES (110) Page  16 Source: The Information Opportunity Report – Cap Gemini 2. SYSTEMS (66) 3. PEOPLE – governance and culture (121)
Barriers to Managing Information Risk The Survey says …..  Poor alignment between:  Information security strategy and business strategy  Information security strategy and risk appetite or tolerance  Security policies and business objectives  Security spending and business objectives  Budget constraints / Insufficient capital funding  A lack of leadership from the CEO or Board  A lack of vision on how future business needs will impact security I say ….  PROCESSES: Complete failure of many businesses to articulate, manage and report the value of information and information risk linking the benefits and risks to business drivers  SYSTEMS: Too much focus on IT systems and not enough on information systems – the asset of real business value  PEOPLE: CIO’s focus on technology not information; lack of Board engagement on an “IT issue”; no ownership of information assets Page  17 Source: EYs Global Information Security Survey; PwC Global State of IT Security Survey 2013 and associated PwC blog
Information-centric Business Systems & Processes ICT & more importantly, information, are the key enablers of any modern business. STRATEGIC OBJECTIVES DECISIONS STRATEGIC KNOWLEDGE OPERATIONAL USE ACCESS OPERATIONS STORE (ACQUIRE) INFORMATION ANALYSE PROCESS COLLECT / GENERATE DATA Page  18
People: Changing the Information Culture Think of information as an asset of value:  “The value of the server [...] is probably negligible—it can be replaced quickly or its function can be moved to another server—however, the information asset stored on the container is not as easily replicated if compromised, and the impact to the organization is much more extensive.”  “An information asset is a body of information, defined and managed as a single unit so it can be understood, shared, protected and exploited effectively.”  “60% of the senior executives felt that the information within their organisation was being used for retrospective reporting rather than to point a path to the future – a clear sign of failure to use information for competitive advantage” Page  19 Source : Information Asset Profiling; James F. Stevens; June 2005, Carnegie Mellon University; The National Archives – Information Asset Factsheet; Harnessing information to enhance business performance, Cap Gemini
Process: Determine Information Value Drivers   “An organisations information assets were felt to be unique and therefore impossible to compare to the information assets of other organisations.” Valuing information is unique to each business, depending on its business drivers. Other drivers identified by businesses we have worked with include: - Brand value - Revenue generation - Contribution to UK National Security - Supplier expectations Page  20 Source: Harnessing information to enhance business performance, Cap Gemini; Manigent assignments
People: Governance of Business Systems & Processes STRATEGIC OBJECTIVES Main Board & Operating Board /DECISIONS Exco STRATEGIC KNOWLEDGE OPERATIONAL USE ACCESS COO STORE OPERATIONS CIO & KIMs (ACQUIRE) INFORMATION ANALYSE PROCESS COLLECT / GENERATE CTO Page  21 DATA
Risk Systems & Processes REVENUE REPUTATION POOR DECISIONS OPERATIONAL DOWNTIME INFORMATION UNAVAILABLE THEFT OR LOSS OF INFORMATION LOSS OF INFORMATION INTEGRITY UNAVAILABLE ICT THEFT OR LOSS OF DEVICE OR SYSTEM COMPROMISED EXTERNAL THREAT / INCIDENT MULTIPLE THREAT VECTORS MULTIPLE THREAT ACTORS Page  22 INSIDER THREAT / INCIDENT MALICIOUS NON-MALICIOUS
People: Changing the risk culture  “Before the risks to an information asset can be assessed, the tangible and intangible value of the asset must be known.”  “The existence of a significant [IT] vulnerability does not mean that an organization is at a significant risk. A vulnerability is only significant if it places a critical asset at risk. This is an important distinction because assets and their value to the organization determine the context for risk rather than the vulnerability itself.” Page  23
Process: Risk & Risk Appetite Identify Monitor & Report Assess Risk Appetite Mitigation Page  24 Treatment
People: Risk Governance REVENUE REPUTATION Board POOR DECISIONS OPERATIONAL DOWNTIME COO INFORMATION UNAVAILABLE CRO & Risk Managers THEFT OR LOSS OF INFORMATION LOSS OF INFORMATION INTEGRITY UNAVAILABLE ICT THEFT OR LOSS OF DEVICE OR SYSTEM COMPROMISED CIO, CTO, CISO, Physical Security, Personnel Security / HR EXTERNAL THREAT / INCIDENT MULTIPLE THREAT VECTORS MULTIPLE THREAT ACTORS Page  25 INSIDER THREAT / INCIDENT MALICIOUS NON-MALICIOUS
Risk-Based Performance Management (RBPM) puts it all together What are we trying to achieve? What is our Risk Appetite? Strategy Management Appetite Are we on track? Performance Management Risk Management Governance & Communications Culture Page  26 Are we operating within appetite?
The Risk-Based Performance Management methodology Business Drivers Our People Our Environment Our Operation 2. Manage Performance 1. Set Strategy Appetite Page  27 Compliance Our Economic Profit 5.Governance 4. Appetite Alignment 3. Manage Risk Shareholder Value Exploitable Reserves Appetite 7.Culture 6.Communications Sustainability Image Profit
The Risk-Based Performance Management change process Execution Formulation Define Strengths & Weaknesses Define Strategic Goals Define Business Drivers Align Risk Appetite & Strategy Board Define Strategic Controls Define Strategic Objectives Define the Strategy Define the Business Model Page  28 Define Strategic Risks Define Risk Appetite Define Indicators Define Assets, Systems & Processes Define Initiatives Define Operational Risks Define Operational Controls Executive Assess Risks & Controls Monitor Appetite Alignment
Summary & Conclusion  Enhanced Information Exploitation offers huge opportunities – +27% operating profit in Financial Services, £44bn across the FTSE 350  Failure to manage the risks to your information and information processes leads to poor decisions, operational downtime and will ultimately have significant financial and reputational impacts  The regulatory environment is changing – act now to future proof your organisation and move beyond compliance to information performance  Managing information risk can help manage conduct risk  To embrace the opportunity and manage the risks we need to enhance our: Processes, Systems, and People  An integrated strategy and risk approach would be beneficial in develop a robust framework and implementing change. Page  29
Thank You for Listening! Future Events    Managing Information Risk in FS Workshop.  More detail and practical tools and techniques for managing information and its risks  More detail on the threat and additional case studies  Detailed discussion on the Information Lifecycle  Methods and approaches to identifying information assets and value  The use of value profiles to monitor and report on both value and risks / losses  Practical hands-on sessions  Date: 16th April  Time: 09:00 – 17:00  Location: London  Cost: £500 per delegate Future webinars and workshops  Risk Based Performance Management  Driving Value from Conduct Risk  Integrating Balanced Scorecard and Risk Management  Building better indicators If you want to talk further please get in touch Colin Lobley | Tel: +44 (0)77 9519 6283 | E: colin.Lobley@manigent.com Page  30
QUESTIONS Colin Lobley | Tel: +44 (0)77 9519 6283 | E: colin.Lobley@manigent.com Page  31

Recommended

Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business Strategy
Andrew Smart
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015
Andrew Smart
 
FMM&A15-StratexSystems
FMM&A15-StratexSystemsFMM&A15-StratexSystems
FMM&A15-StratexSystems
Andrew Smart
 
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Compliance Consultant
 
Risk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic LandscapeRisk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic Landscape
Nik Hasyudeen
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM case
Alexey Chekanov
 
StratexSystems_270115
StratexSystems_270115StratexSystems_270115
StratexSystems_270115
Andrew Smart
 
An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessments
Grant Thornton LLP
 

Recommended

Embedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business StrategyEmbedding RCSA into Strategic Planning and Business Strategy
Embedding RCSA into Strategic Planning and Business Strategy
Andrew Smart
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015
Andrew Smart
 
FMM&A15-StratexSystems
FMM&A15-StratexSystemsFMM&A15-StratexSystems
FMM&A15-StratexSystems
Andrew Smart
 
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Setting Conduct Risk Appetite. Assessing risk and identifying cultural driver...
Compliance Consultant
 
Risk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic LandscapeRisk Management And Internal Control In The Changing Econmic Landscape
Risk Management And Internal Control In The Changing Econmic Landscape
Nik Hasyudeen
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM case
Alexey Chekanov
 
StratexSystems_270115
StratexSystems_270115StratexSystems_270115
StratexSystems_270115
Andrew Smart
 
An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessments
Grant Thornton LLP
 
2015 global capital markets risk management study
2015 global capital markets risk management study2015 global capital markets risk management study
2015 global capital markets risk management study
Lapman Lee ✔
 
Risk management is changing_Final LR
Risk management is changing_Final LRRisk management is changing_Final LR
Risk management is changing_Final LR
Richard Powell, Business Transformation
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
AstalapulosListestos
 
Etude PwC sur le reporting intégré (sept. 2014)
Etude PwC sur le reporting intégré (sept. 2014)Etude PwC sur le reporting intégré (sept. 2014)
Etude PwC sur le reporting intégré (sept. 2014)
PwC France
 
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
Gary Cable
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Third Party Risk Management
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
Tim Leech
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Effect of Enterprise Risk Management on Sustainable Financial Performance of ...
Effect of Enterprise Risk Management on Sustainable Financial Performance of ...Effect of Enterprise Risk Management on Sustainable Financial Performance of ...
Effect of Enterprise Risk Management on Sustainable Financial Performance of ...
AJSERJournal
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management
GAURAV SHARMA
 
Balancing risk with opportunity
Balancing risk with opportunityBalancing risk with opportunity
Balancing risk with opportunity
Grant Thornton LLP
 
CMLGroup - What is GRC?
CMLGroup - What is GRC?CMLGroup - What is GRC?
CMLGroup - What is GRC?
CML Group
 
Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry
Franco Ferrario
 
HIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINALHIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINAL
Chris Mandel, RF, ARM-E
 
From pressure comes clarity - 2019 Compliance Risk Study
From pressure comes clarity - 2019 Compliance Risk StudyFrom pressure comes clarity - 2019 Compliance Risk Study
From pressure comes clarity - 2019 Compliance Risk Study
Accenture Insurance
 
Presentation Makes the Case for Enterprise Risk Management
Presentation Makes the Case for Enterprise Risk ManagementPresentation Makes the Case for Enterprise Risk Management
Presentation Makes the Case for Enterprise Risk Management
PYA, P.C.
 
DiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conferenceDiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conference
Lou DiSerafino
 
Montana-Paula-Krecicki
Montana-Paula-KrecickiMontana-Paula-Krecicki
Montana-Paula-Krecicki
Daniel Paula
 
data science applications in finance.pptx
data science applications in finance.pptxdata science applications in finance.pptx
data science applications in finance.pptx
ADITIUPADHYAY2237023
 
Big data analytics for life insurers
Big data analytics for life insurersBig data analytics for life insurers
Big data analytics for life insurers
dipak sahoo
 
Big_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_publishedBig_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_published
Shradha Verma
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
Taiye Lambo
 

More Related Content

What's hot

Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
Tim Leech
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
Dr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Effect of Enterprise Risk Management on Sustainable Financial Performance of ...
Effect of Enterprise Risk Management on Sustainable Financial Performance of ...Effect of Enterprise Risk Management on Sustainable Financial Performance of ...
Effect of Enterprise Risk Management on Sustainable Financial Performance of ...
AJSERJournal
 
DiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conferenceDiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conference
Lou DiSerafino
 
Montana-Paula-Krecicki
Montana-Paula-KrecickiMontana-Paula-Krecicki
Montana-Paula-Krecicki
Daniel Paula
 

What's hot (18)

2015 global capital markets risk management study
2015 global capital markets risk management study2015 global capital markets risk management study
2015 global capital markets risk management study
 
Risk management is changing_Final LR
Risk management is changing_Final LRRisk management is changing_Final LR
Risk management is changing_Final LR
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guide
 
Etude PwC sur le reporting intégré (sept. 2014)
Etude PwC sur le reporting intégré (sept. 2014)Etude PwC sur le reporting intégré (sept. 2014)
Etude PwC sur le reporting intégré (sept. 2014)
 
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate GovernanceGRC FOR CAPITAL MARKETS: Beyond Corporate Governance
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
 
Effect of Enterprise Risk Management on Sustainable Financial Performance of ...
Effect of Enterprise Risk Management on Sustainable Financial Performance of ...Effect of Enterprise Risk Management on Sustainable Financial Performance of ...
Effect of Enterprise Risk Management on Sustainable Financial Performance of ...
 
Enterprise Risk Management
Enterprise Risk Management Enterprise Risk Management
Enterprise Risk Management
 
Balancing risk with opportunity
Balancing risk with opportunityBalancing risk with opportunity
Balancing risk with opportunity
 
CMLGroup - What is GRC?
CMLGroup - What is GRC?CMLGroup - What is GRC?
CMLGroup - What is GRC?
 
Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry Risck intelligence in the energy and resources industry
Risck intelligence in the energy and resources industry
 
HIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINALHIRimsISO311KandERMFINAL
HIRimsISO311KandERMFINAL
 
From pressure comes clarity - 2019 Compliance Risk Study
From pressure comes clarity - 2019 Compliance Risk StudyFrom pressure comes clarity - 2019 Compliance Risk Study
From pressure comes clarity - 2019 Compliance Risk Study
 
Presentation Makes the Case for Enterprise Risk Management
Presentation Makes the Case for Enterprise Risk ManagementPresentation Makes the Case for Enterprise Risk Management
Presentation Makes the Case for Enterprise Risk Management
 
DiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conferenceDiSerafino - ORSA_insurance_conference
DiSerafino - ORSA_insurance_conference
 
Montana-Paula-Krecicki
Montana-Paula-KrecickiMontana-Paula-Krecicki
Montana-Paula-Krecicki
 

Similar to Managing Information Risk in Financial Services

Big_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_publishedBig_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_published
Shradha Verma
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
Taiye Lambo
 
GMFI Conference (3)
GMFI Conference (3)GMFI Conference (3)
GMFI Conference (3)
Daniel Paula
 
A Survey on Bigdata Analytics using in Banking Sectors
A Survey on Bigdata Analytics using in Banking SectorsA Survey on Bigdata Analytics using in Banking Sectors
A Survey on Bigdata Analytics using in Banking Sectors
ijtsrd
 
CILIP Conference - Information as an asset "rediscovering gold" - Sandra Ward
CILIP Conference - Information as an asset "rediscovering gold" - Sandra WardCILIP Conference - Information as an asset "rediscovering gold" - Sandra Ward
CILIP Conference - Information as an asset "rediscovering gold" - Sandra Ward
CILIP
 
Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...
Eftychia Chalvatzi
 

Similar to Managing Information Risk in Financial Services (20)

data science applications in finance.pptx
data science applications in finance.pptxdata science applications in finance.pptx
data science applications in finance.pptx
 
Big data analytics for life insurers
Big data analytics for life insurersBig data analytics for life insurers
Big data analytics for life insurers
 
Big_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_publishedBig_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_published
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
 
Data-Centric Insurance: How the London market can embrace analytics and regai...
Data-Centric Insurance: How the London market can embrace analytics and regai...Data-Centric Insurance: How the London market can embrace analytics and regai...
Data-Centric Insurance: How the London market can embrace analytics and regai...
 
Global Threats| Cybersecurity|
Global Threats| Cybersecurity| Global Threats| Cybersecurity|
Global Threats| Cybersecurity|
 
Let’s Build a Smarter Planet: Re-thinking the way Insurance works!
Let’s Build a Smarter Planet: Re-thinking the way Insurance works!Let’s Build a Smarter Planet: Re-thinking the way Insurance works!
Let’s Build a Smarter Planet: Re-thinking the way Insurance works!
 
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperClearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
 
Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19 Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19
 
Strengthen Internal Controls and Compliance through Data and AI as part of th...
Strengthen Internal Controls and Compliance through Data and AI as part of th...Strengthen Internal Controls and Compliance through Data and AI as part of th...
Strengthen Internal Controls and Compliance through Data and AI as part of th...
 
Information IS an ASSET: rediscovering gold
Information IS an ASSET: rediscovering goldInformation IS an ASSET: rediscovering gold
Information IS an ASSET: rediscovering gold
 
Fintech Risks and Benefits--DR. Emmanuel Moore ABOLO
Fintech Risks and Benefits--DR. Emmanuel Moore ABOLOFintech Risks and Benefits--DR. Emmanuel Moore ABOLO
Fintech Risks and Benefits--DR. Emmanuel Moore ABOLO
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
GMFI Conference (3)
GMFI Conference (3)GMFI Conference (3)
GMFI Conference (3)
 
A Survey on Bigdata Analytics using in Banking Sectors
A Survey on Bigdata Analytics using in Banking SectorsA Survey on Bigdata Analytics using in Banking Sectors
A Survey on Bigdata Analytics using in Banking Sectors
 
EAI Checklist
EAI ChecklistEAI Checklist
EAI Checklist
 
CILIP Conference - Information as an asset "rediscovering gold" - Sandra Ward
CILIP Conference - Information as an asset "rediscovering gold" - Sandra WardCILIP Conference - Information as an asset "rediscovering gold" - Sandra Ward
CILIP Conference - Information as an asset "rediscovering gold" - Sandra Ward
 
Strengthen Internal Controls and Compliance through Data and AI as part of th...
Strengthen Internal Controls and Compliance through Data and AI as part of th...Strengthen Internal Controls and Compliance through Data and AI as part of th...
Strengthen Internal Controls and Compliance through Data and AI as part of th...
 
Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...Good Practices and Recommendations on the Security and Resilience of Big Data...
Good Practices and Recommendations on the Security and Resilience of Big Data...
 
IMA meeting accounting for big data
IMA meeting accounting for big dataIMA meeting accounting for big data
IMA meeting accounting for big data
 

More from Andrew Smart

Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.
Andrew Smart
 
Enabling Effective Conduct Risk
Enabling Effective Conduct RiskEnabling Effective Conduct Risk
Enabling Effective Conduct Risk
Andrew Smart
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk Management
Andrew Smart
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
Andrew Smart
 
Enabling Effective Conduct Risk
Enabling Effective Conduct RiskEnabling Effective Conduct Risk
Enabling Effective Conduct Risk
Andrew Smart
 
Middle east insurance market
Middle east insurance marketMiddle east insurance market
Middle east insurance market
Andrew Smart
 
Amnded stratexpoint screens1
Amnded stratexpoint screens1Amnded stratexpoint screens1
Amnded stratexpoint screens1
Andrew Smart
 
Greater Manchester Fire and Rescue Service Whitepaper
Greater Manchester Fire and Rescue Service WhitepaperGreater Manchester Fire and Rescue Service Whitepaper
Greater Manchester Fire and Rescue Service Whitepaper
Andrew Smart
 

More from Andrew Smart (19)

Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.Having trouble with your enterprise risk management strategy? Map it.
Having trouble with your enterprise risk management strategy? Map it.
 
Cyber Risk Management
Cyber Risk Management Cyber Risk Management
Cyber Risk Management
 
Enabling Effective Conduct Risk
Enabling Effective Conduct RiskEnabling Effective Conduct Risk
Enabling Effective Conduct Risk
 
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementStrategic Planning Society Webinar- Integrating Strategy and Risk Management
Strategic Planning Society Webinar- Integrating Strategy and Risk Management
 
Integrating Strategy and Risk Management
Integrating Strategy and Risk ManagementIntegrating Strategy and Risk Management
Integrating Strategy and Risk Management
 
Making Conduct Risk [Good] Business As Usual
Making Conduct Risk [Good] Business As UsualMaking Conduct Risk [Good] Business As Usual
Making Conduct Risk [Good] Business As Usual
 
Governance Culture & Incentives- Fundamentals of Operational Risk
Governance Culture & Incentives- Fundamentals of Operational RiskGovernance Culture & Incentives- Fundamentals of Operational Risk
Governance Culture & Incentives- Fundamentals of Operational Risk
 
StratexPoint Risk Management Solution Intro Video
StratexPoint Risk Management Solution Intro VideoStratexPoint Risk Management Solution Intro Video
StratexPoint Risk Management Solution Intro Video
 
Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite Shaping Your Culture via Risk Appetite
Shaping Your Culture via Risk Appetite
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
 
Enabling Effective Conduct Risk
Enabling Effective Conduct RiskEnabling Effective Conduct Risk
Enabling Effective Conduct Risk
 
Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard Integrating Risk into your Balanced Scorecard
Integrating Risk into your Balanced Scorecard
 
Middle east insurance market
Middle east insurance marketMiddle east insurance market
Middle east insurance market
 
Amnded stratexpoint screens1
Amnded stratexpoint screens1Amnded stratexpoint screens1
Amnded stratexpoint screens1
 
HML Risk Transformation
HML Risk TransformationHML Risk Transformation
HML Risk Transformation
 
Greater Manchester Fire and Rescue Service Whitepaper
Greater Manchester Fire and Rescue Service WhitepaperGreater Manchester Fire and Rescue Service Whitepaper
Greater Manchester Fire and Rescue Service Whitepaper
 
Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011Integrating Risk Appetite With Strategy Feb 14 2011
Integrating Risk Appetite With Strategy Feb 14 2011
 
Manigent Embedding Risk Appetite Within The Strategy Process
Manigent Embedding Risk Appetite Within The Strategy ProcessManigent Embedding Risk Appetite Within The Strategy Process
Manigent Embedding Risk Appetite Within The Strategy Process
 
Manigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And ExposureManigent Aligning Risk Appetite And Exposure
Manigent Aligning Risk Appetite And Exposure
 

Recently uploaded

Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
lizamodels9
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
dlhescort
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Damini Dixit
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
lizamodels9
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
Aggregage
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
dlhescort
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 

Recently uploaded (20)

Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 

Managing Information Risk in Financial Services

  • 1. Managing Information Risk Putting the ‘I’ back in IT: Creating Tangible Value from the Intangible Asset Colin Lobley Director Information Strategy & Risk
  • 2. Webinar Aims & Structure  Aims:  Provide evidence for taking an information risk approach rather than an IT/cyber security approach  Introduce practical concepts and approach to managing information risk  Why Bother with Information?  The Information Opportunity  Threats and Risks  Managing Information Risk  Current Approaches, Weaknesses and Common Barriers  Overcoming the barriers: concepts and approaches to managing information and information risk management: Processes, Systems, Governance and Culture Page  2
  • 3. Manigent & Me  Director of Information Strategy & Risk.  14 years in strategy, programme and risk management; 6 years focused on the cyber threat environment.  2007 – Business Continuity Journal, Vol. 2, Issue 3: Ascertaining the behaviors and factors driving investment in high impact risks.  2008 – Manigent’s CEO created the Risk-Based Performance Management methodology.  Today – Building business resilience and enhancing performance by managing strategy and risk in today’s continuously turbulent, information-centric operating environment. Page  3
  • 5. The Value of Exploiting Information: FTSE 350 View  A potential gain of £44bn gross operating profit per annum across the FTSE 350 from enhanced information exploitation. Page  5 Source: The Information Opportunity Report – Cap Gemini
  • 6. The Value of Exploiting Information: Sector Comparison Page  6 Source: The Information Opportunity Report – Cap Gemini
  • 7. The Value of Exploiting Information: Function Comparison  Other functions with >20% of respondents saying it would be a function of greatest potential: Marketing, HR, Logistics & Supply. Page  7 Source: The Information Opportunity Report – Cap Gemini
  • 8. Information Risks: Personal Data Breaches per Sector   $215 (£129) per capita in financial services (direct). But the indirect impact on financial services is huge – insurance and compensation claims. Page  8 Source: Cost of a Data Breach Survey 2013, Ponemon Institute
  • 9. Personal Information Risk: Evolving Legislative Environment  New legislation and regulatory oversight likely to make this worse  Current: Data Protection Act (UK)  Information Commissioners Office enforces  Maximum fine of £0.5m  To date largely a public sector focus (& Sony - £350k in a £170m+ incident)  FCA also have the ability to fine  Zurich - £2.3m in 2010  New EU Data Protection Regulation in 2015 (est.):  Fines of 5% turnover?  Criminal Prosecution? Page  9
  • 10. Information Risk: Financial Services Case Studies  J.P.Morgan International Bank Limited, 2013, £3.1 million – direct fine by the FCA for systems and controls failings. Highlighted issues:  Client files which were not kept up to date  A computer based record system that did not allow sufficient information to be retained, suitability reports that failed to contain relevant client information.  A 2 year persistent failing during which “JPMIB’s senior management did not have sufficient information and oversight tools to identify and address these deficiencies”.  Sesame Limited, 2013, £6m - fine for failings between 2005-2009 during which the:  “vast majority” of sales were flawed because of a “mismatch between customers stated investment objectives and attitude to risk and the product sold” and  “the suitability letters provided to customers stated incorrectly that income or capital growth was guaranteed”  Many others – TJX, Citigroup, Barclays, De-Vere Group, NASDAQ …… and the list goes on. Page  10
  • 11. Information Risk: Evolving Regulation in FS  Emerging Financial Services Regulative oversight (UK) likely to lead to increased frequency and size of fines and stricter reporting.  FCA Risk Outlook 2013: “Increasing reliance on technology without fully understanding the consequent risks and dependencies”  UK’s Financial Policy Committee stated that: “market participants had increasingly highlighted concerns about operational risk, including threats of cyber-attack”. (June 2013) and “the boards of the relevant supervisory bodies to ensure that there was a concrete plan in place to deliver a higher level of protection against cyber-attacks for each institution at the core of the financial system, including banks and infrastructure providers.” (Sept 2013)  Waking Shark II report: “The PRA and FCA will coordinate to ensure dual-regulated firms are fully aware of the regulators’ incident reporting requirements and update frequencies.” Page  11
  • 12. Information Risk: Linked with Conduct Risk  Customer Management was the #1 area businesses felt could be improved through better information exploitation  Root cause of many FCA fines can be identified as poor management and analysis of customer data  Conduct Risk Agenda: To make relevant markets work well so consumers get a fair deal.  Consumers get financial services and products that meet their needs, from firms they can trust;  Markets and financial systems are sound, stable and resilient, with transparent pricing information; and  Firms compete effectively, with the interests of their customers and the integrity of the market at the heart of how they run their business.  The risk of poor information management will lead to bad conduct. Page  12
  • 13. Conclusion: Information Exploitation and Risk “Early adopters of effective information exploitation strategies are seeing real and tangible business performance improvements. Those that chose to do nothing have seen the gap between themselves and the market leaders widen.”  There are significant risks to:     Page  13 The information you have driven by the cyber threats Failing to exploit what you have already Not having the right information to exploit Compliance with changing laws and regulation
  • 15. The Traditional Approach ….. HACKERS CHINA IT (CYBER) SECURITY LED BY CISO / IT DIRECTOR REACH FOR A STANDARD (ISO 27001) Page  15 LOSS OF REPUTATION ….. Is immature and clearly not working.
  • 16. Barriers to Exploiting Information 1. PROCESSES (110) Page  16 Source: The Information Opportunity Report – Cap Gemini 2. SYSTEMS (66) 3. PEOPLE – governance and culture (121)
  • 17. Barriers to Managing Information Risk The Survey says …..  Poor alignment between:  Information security strategy and business strategy  Information security strategy and risk appetite or tolerance  Security policies and business objectives  Security spending and business objectives  Budget constraints / Insufficient capital funding  A lack of leadership from the CEO or Board  A lack of vision on how future business needs will impact security I say ….  PROCESSES: Complete failure of many businesses to articulate, manage and report the value of information and information risk linking the benefits and risks to business drivers  SYSTEMS: Too much focus on IT systems and not enough on information systems – the asset of real business value  PEOPLE: CIO’s focus on technology not information; lack of Board engagement on an “IT issue”; no ownership of information assets Page  17 Source: EYs Global Information Security Survey; PwC Global State of IT Security Survey 2013 and associated PwC blog
  • 18. Information-centric Business Systems & Processes ICT & more importantly, information, are the key enablers of any modern business. STRATEGIC OBJECTIVES DECISIONS STRATEGIC KNOWLEDGE OPERATIONAL USE ACCESS OPERATIONS STORE (ACQUIRE) INFORMATION ANALYSE PROCESS COLLECT / GENERATE DATA Page  18
  • 19. People: Changing the Information Culture Think of information as an asset of value:  “The value of the server [...] is probably negligible—it can be replaced quickly or its function can be moved to another server—however, the information asset stored on the container is not as easily replicated if compromised, and the impact to the organization is much more extensive.”  “An information asset is a body of information, defined and managed as a single unit so it can be understood, shared, protected and exploited effectively.”  “60% of the senior executives felt that the information within their organisation was being used for retrospective reporting rather than to point a path to the future – a clear sign of failure to use information for competitive advantage” Page  19 Source : Information Asset Profiling; James F. Stevens; June 2005, Carnegie Mellon University; The National Archives – Information Asset Factsheet; Harnessing information to enhance business performance, Cap Gemini
  • 20. Process: Determine Information Value Drivers   “An organisations information assets were felt to be unique and therefore impossible to compare to the information assets of other organisations.” Valuing information is unique to each business, depending on its business drivers. Other drivers identified by businesses we have worked with include: - Brand value - Revenue generation - Contribution to UK National Security - Supplier expectations Page  20 Source: Harnessing information to enhance business performance, Cap Gemini; Manigent assignments
  • 21. People: Governance of Business Systems & Processes STRATEGIC OBJECTIVES Main Board & Operating Board /DECISIONS Exco STRATEGIC KNOWLEDGE OPERATIONAL USE ACCESS COO STORE OPERATIONS CIO & KIMs (ACQUIRE) INFORMATION ANALYSE PROCESS COLLECT / GENERATE CTO Page  21 DATA
  • 22. Risk Systems & Processes REVENUE REPUTATION POOR DECISIONS OPERATIONAL DOWNTIME INFORMATION UNAVAILABLE THEFT OR LOSS OF INFORMATION LOSS OF INFORMATION INTEGRITY UNAVAILABLE ICT THEFT OR LOSS OF DEVICE OR SYSTEM COMPROMISED EXTERNAL THREAT / INCIDENT MULTIPLE THREAT VECTORS MULTIPLE THREAT ACTORS Page  22 INSIDER THREAT / INCIDENT MALICIOUS NON-MALICIOUS
  • 23. People: Changing the risk culture  “Before the risks to an information asset can be assessed, the tangible and intangible value of the asset must be known.”  “The existence of a significant [IT] vulnerability does not mean that an organization is at a significant risk. A vulnerability is only significant if it places a critical asset at risk. This is an important distinction because assets and their value to the organization determine the context for risk rather than the vulnerability itself.” Page  23
  • 24. Process: Risk & Risk Appetite Identify Monitor & Report Assess Risk Appetite Mitigation Page  24 Treatment
  • 25. People: Risk Governance REVENUE REPUTATION Board POOR DECISIONS OPERATIONAL DOWNTIME COO INFORMATION UNAVAILABLE CRO & Risk Managers THEFT OR LOSS OF INFORMATION LOSS OF INFORMATION INTEGRITY UNAVAILABLE ICT THEFT OR LOSS OF DEVICE OR SYSTEM COMPROMISED CIO, CTO, CISO, Physical Security, Personnel Security / HR EXTERNAL THREAT / INCIDENT MULTIPLE THREAT VECTORS MULTIPLE THREAT ACTORS Page  25 INSIDER THREAT / INCIDENT MALICIOUS NON-MALICIOUS
  • 26. Risk-Based Performance Management (RBPM) puts it all together What are we trying to achieve? What is our Risk Appetite? Strategy Management Appetite Are we on track? Performance Management Risk Management Governance & Communications Culture Page  26 Are we operating within appetite?
  • 27. The Risk-Based Performance Management methodology Business Drivers Our People Our Environment Our Operation 2. Manage Performance 1. Set Strategy Appetite Page  27 Compliance Our Economic Profit 5.Governance 4. Appetite Alignment 3. Manage Risk Shareholder Value Exploitable Reserves Appetite 7.Culture 6.Communications Sustainability Image Profit
  • 28. The Risk-Based Performance Management change process Execution Formulation Define Strengths & Weaknesses Define Strategic Goals Define Business Drivers Align Risk Appetite & Strategy Board Define Strategic Controls Define Strategic Objectives Define the Strategy Define the Business Model Page  28 Define Strategic Risks Define Risk Appetite Define Indicators Define Assets, Systems & Processes Define Initiatives Define Operational Risks Define Operational Controls Executive Assess Risks & Controls Monitor Appetite Alignment
  • 29. Summary & Conclusion  Enhanced Information Exploitation offers huge opportunities – +27% operating profit in Financial Services, £44bn across the FTSE 350  Failure to manage the risks to your information and information processes leads to poor decisions, operational downtime and will ultimately have significant financial and reputational impacts  The regulatory environment is changing – act now to future proof your organisation and move beyond compliance to information performance  Managing information risk can help manage conduct risk  To embrace the opportunity and manage the risks we need to enhance our: Processes, Systems, and People  An integrated strategy and risk approach would be beneficial in develop a robust framework and implementing change. Page  29
  • 30. Thank You for Listening! Future Events    Managing Information Risk in FS Workshop.  More detail and practical tools and techniques for managing information and its risks  More detail on the threat and additional case studies  Detailed discussion on the Information Lifecycle  Methods and approaches to identifying information assets and value  The use of value profiles to monitor and report on both value and risks / losses  Practical hands-on sessions  Date: 16th April  Time: 09:00 – 17:00  Location: London  Cost: £500 per delegate Future webinars and workshops  Risk Based Performance Management  Driving Value from Conduct Risk  Integrating Balanced Scorecard and Risk Management  Building better indicators If you want to talk further please get in touch Colin Lobley | Tel: +44 (0)77 9519 6283 | E: colin.Lobley@manigent.com Page  30
  • 31. QUESTIONS Colin Lobley | Tel: +44 (0)77 9519 6283 | E: colin.Lobley@manigent.com Page  31