LOWER EUC RISK WITH AUTOMATED CONTROLS

The London Interbank Offered Rate – commonly known as LIBOR – will expire by December 31, 2021. The move is the result of major manipulation scandals and reduced trading based on the rate, which is linked to everything from credit cards to leveraged loans. Libor is deeply embedded in financial markets. Some $200 trillion of derivatives are tied to the U.S. dollar benchmark alone and most major global banks will spend more than $100 million this year preparing for the switch.

Anyone who has bought computer systems over the last 30 years has come up against the same dilemma – shall we go for a ‘best of breed’ packaged solution, or shall we build it internally, using the skills of the internal IT teams? It is the classic “Make or Buy” dilemma.

You talk about your requirements with IT. They look at the problem – it looks like a few database tables with a couple of front-end screens for data entry/update will do the job. Chuck in a couple of reports and hey - the job’s done. It won’t take more than a couple of months, tops. Surely that’s better than spending more money on what looks like an expensive solution from a vendor?

At the start of November 2017, BaFin published the Supervisory Requirements for IT in Financial Institutions (Bankaufsichtliche Anforderungen an die IT – BAIT, see BaFinJournal November 2017).

The BAIT have now become the cornerstone of IT supervision for all credit and financial services institutions in Germany. The requirements are directed at the management boards of such companies. They specify what BaFin considers to be adequate technical and organisational resources for IT systems, particularly in relation to the requirements for information security and suitable contingency management.

Is your organization moving towards cloud computing solutions? If so, these initiatives can typically be viewed as two different types of projects.

1. Moving application servers and databases to cloud servers such as Amazon AWS or Microsoft Azure.
2. Migrating files and data into cloud storage.

How can this be done without disrupting your current EUC and Model controls? CIMCON can help.

There are numerous, well-publicized incidents of data loss and data breach associated with the use of spreadsheets. This perpetual information security risk has led many to call for doing away with spreadsheets entirely. But before you go disrupting any critical business processes that aren’t really broken, consider taking advantage of a new Excel add-in that is available at no cost via Microsoft AppSource.

Having an accurate and up to date inventory of models (whether they are spreadsheet-based or other) is the foundation of any model governance program. Now that you’ve chosen to manage these model risks, what’s the best way to track them?

Nowadays we take spreadsheets for granted. Their power is simply at our fingertips. But it wasn't always this way. How did we come to have these useful tools so readily available? There is surprisingly little formal information about how they came to be, but luckily, there are others who share our passion and have done something about it. 

There should be no schadenfreude experienced after the news reports of BlackRock accidentally leaking a spreadsheet containing the PII (personally identifiable information) of close to 20,000 independent financial advisors who distribute their iShares products. It can happen to anyone and in fact, it happens all the time.

Do you think that any of your critical business processes are vulnerable to a spreadsheet error? Or perhaps, has the number of models (including artificial intelligence) proliferated to the point where it’s difficult to understand your risk exposure (never mind reduce it)? If yes, there is something you can do.

Creating and maintaining a Model Inventory is simple in concept but much harder in practice. Identifying the existing models to include can be challenging, especially given the fact that the line of business aren’t usually enthusiastic about documenting their model usage. Some model owners would prefer that you just go away, thank you very much. But it’s the “maintain” task that is really difficult. Keeping a model inventory accurate and up to date takes a lot of work. From chasing down various owners and users for updates to reporting on KRIs, it is a thankless job that never ends. Model Inventories are very resource intensive but there is an easier way that is better, faster and cheaper.