Basel I was introduced in 1988 and is considered outdated as it is risk insensitive and can easily be circumvented by regulatory arbitrage.
Basel II, is also called "The New Accord" or the International Convergence of Capital Measurements and Capital
Standards, a revised framework. It is the second Basel Accord and represents recommendations from the Basel Committee on Banking Supervision (BCBS). It was created to promote greater consistency in the ways banks and banking regulators approach risk management across national borders. The Bank for International Settlements (often confused with the BCBS) supplies the secretariat for the BCBS and is not itself the BCBS.
Key Security Requirements
Within its three pillars of thought: (1) Minimum Capital Requirements; (2) Supervisory Review; and (3) Market Discipline, Basel II addresses several key security requirements.
- Internal data. According to Basel II, the tracking of internal loss event data is an essential prerequisite to the development and functioning of a credible operational risk measurement system. Internal loss data is most relevant when it is clearly linked to a bank's current business activities, technological processes, and risk management procedures. Therefore, a bank must have documented procedures for assessing the on-going relevance of historical loss data, including those situations in which judgment overrides, scaling, or other adjustments may be used, to what extent they may be used and who is authorized to make such decisions. (Paragraphs 670 and 671)
A bank must develop specific criteria for assigning loss data arising from an event in a centralized function (e.g. an information technology department) or an activity that spans more than one business line, as well as from related events over time. (Paragraph 673)
- Disclosure. The Committee (BCBC) believes that providing disclosures that are based on this common framework is an effective means of informing the market about a bank's exposure to those risks and provides a consistent and understandable disclosure framework that enhances comparability. (Paragraph 810)
- Proprietary and confidential information. Proprietary information encompasses information (for example on products or systems), that if shared with competitors would render a bank's investment in these products/systems less valuable, and hence would undermine its competitive position. Information about customers is often confidential, in that it is provided under the terms of a legal agreement or counterparty relationship. This has an impact on what banks should reveal in terms of information about their customer base, as well as details on their internal arrangements, for instance methodologies used, parameter estimates, data, etc. Banks should have a formal disclosure policy approved by the board of directors that addresses the bank's approach for determining what disclosures it will make and the internal controls over the disclosure process. In addition, banks should implement a process for assessing the appropriateness of their disclosures, including validation and frequency of them. (Paragraph 819)
U.S. Rules Implementing Basel II Capital Accord
In March, 2006, the Federal Reserve Board issued an interagency notice of proposed rulemaking (NPR) that would implement Basel II risk-based capital requirements in the United States for large, internationally active banking organizations within the next two years. The proposed rule would require the largest internationally active banks to enhance the measurement and management of their risks, including credit risk and operational risk. It would also require these banks to have rigorous processes for assessing overall capital adequacy in relation to their total risk profile and to publicly disclose information regarding their risk profile and capital adequacy. Many financial institutions are beginning to plan and implement safeguards in preparation of these emerging requirements. The Federal Deposit Insurance Corporation, The Office of the Comptroller of the Currency, and the Office of Thrift Supervision are also considering the NPR.
According to Forrester Research, large European banks will spend, on average, $124 million over five years to comply with Basel II. The research firm advises clients to embed Basel II changes into core business-improvement strategies, tying investments to improved capital efficiency and reduced operational losses. Among Forrester's recommendations: Make governance dynamic, use enterprise visibility to manage data complexity, design Basel II systems with business users in mind, and partner in industry groups to overcome operational-risk hurdles. |
 |
The Basel Committee on Banking Supervision provides a forum for regular cooperation on banking supervisory matters. Over recent years, it has developed increasingly into a standard-setting body on all aspects of banking supervision, including the Basel II Accord.
|
|
|
|
Banks need the high level of network security available considering the
value of financial transactions processed.
VSS, in combination with IDS, Network Monitoring and Forensics systems ensures financial institutions are protected against security breaches and
fully in compliance with Basel II and other financial data security requirements.
VSS helps financial institutions:
1. To implement technology to detect and prevent unauthorized access
(working along with IDS and Network Monitoring Systems) thus
protecting proprietary and confidential
information.
2. Define and implement a notification
process
3. Maintain a Vulnerability Management Program:With continual network monitoring and alerts on vulnerabilities that are most important,
reports can quickly and easily be generated for IT management to meet all
disclosure requirements.
|
Back to Regulations & Compliance