Evidian NewsDesk » European research shows that many banks still need to rethink their approach to IAM to effectively reduce operational risk

October 15, 2009

European research shows that many banks still need to rethink their approach to IAM to effectively reduce operational risk

Findings indicate that operational risk control is the major driver in banks’ IT spending, and over 50% will increase spending in IT security. But while identity and access management is an important driver of IT investment, inhibitors to wider adoption – often exaggerated – remain.

PARIS – Evidian, the identity and access management (IAM) company, announced the release of a European research paper on banks’ approaches to identity and access management. The Datamonitor paper is based on surveys and interviews performed in end 2008 and early 2009 among top IT managers of European banks.

Main findings

1 - Operational risk failures can be as costly as a “toxic” asset portfolio

The banking crisis revealed severe operational risk failures, including large-scale internal fraud, alongside credit and market exposure failures.
The traditional “silo” approach to risk management, where market, credit and operational risk are managed separately, has proved inadequate.
Bank IT executives therefore expect operational risk management to assume a more central role, with a focus on security and auditability.

2 - Operational risk is still the Cinderella of risk management disciplines

Although operational risk was given newly significant standing by Basel II, many banks continue to struggle with their approach.
Operational risk management is resented by traders and business managers, which hinders risk control efforts.
As a result, many security projects were cancelled or postponed in 2008, despite IT’s keen awareness of the need to reduce operational risk exposure.

3 - Identity and access management (IAM) can be a major contributor to risk reduction, despite perceived obstacles

20% of bank IT managers identify IAM as a key IT investment area and Datamonitor believes it to be a significant contributor to detect and control internal fraud.
Strengthening access control is essential but not enough. Banks need control over the entire employee life cycle, and an easily exploitable bank-wide audit trail.
Some perceived obstacles to IAM, such as costs or complexity, cause banks to rely on often-manual, therefore risky, in-house developments.

4 - Real-life implementation success of IAM requires more than technology

To successfully reduce operational risk, IAM must be part of a thorough process review. Indeed, many banks are already eliminating walls between risk disciplines.
Executive-level sponsorship is mandatory. Post-mortems often reveal that existing processes failed to work because full management support was lacking.
Identity-centric business operations are essential. With ongoing mergers, staff reductions and state oversight, IAM can help banks reduce fraud and achieve business targets.

Consult the Datamonitor paper

The full Datamonitor white paper can be accessed at the following URL:

http://www.evidian.com/iam/sectorial-solutions/wp-datamonitor.php

Quotes

“Identity and access management has a key role to play in mitigating operational risk, in particular in preventing and reducing internal fraud” says Martha Bennett, Datamonitor Research director, Financial Services Technology. “Despite some banks’ concerns about IAM, a well-managed IAM system can not only reduce operational risk, but also reduce compliance costs and deliver business benefits.”

“This research confirms our experience of the banking market. By automating identity and access management procedures, our customers greatly simplify their operational risk reduction effort.” says Hassan Maad, COO of IAM software vendor Evidian. “Furthermore, IAM lowers banks’ operating expenses significantly by cutting help-desk workload and making bank employees more productive.”

About Datamonitor

Datamonitor is a world-leading provider of premium global business information, delivering independent data, analysis and opinion across the Automotive, Consumer Goods, Energy & Utilities, Financial Services, Logistics, Pharmaceutical & Healthcare, Retail and Technology industries. Combining its industry knowledge and experience, Datamonitor assists over 6000 of the world’s leading companies in making better strategic and operational decisions.

About Evidian

Evidian, an affiliate of Bull Group, is the European leader and one of the major worldwide vendors of identity and access management (IAM) software. Evidian has offices and partners throughout the world. Evidian software helps over 700 organizations in the world to improve their agility, enhance security and comply with laws and regulations, while reducing costs. For more information about Evidian software, offices and partners, visit www.evidian.com


Support \| Contact us Authentication management Enterprise single sign-on Web single sign-on Identity and access management Network and system monitoring High availability For Microsoft Environment Industry Solutions Finance Healthcare Enterprise Government Telecommunications Consulting and implementation Training and certification Support Find a partner Become a partner Resources for partners Training and certification White papers Case studies and brochures Newsletter SSO demo SafeKit trial Overview Careers Offices and distributors Events News
Search: Archives: 2012 2011 2010 2009 2008 2007 2006 Events:	Evidian NewsDesk October 15, 2009 European research shows that many banks still need to rethink their approach to IAM to effectively reduce operational risk Findings indicate that operational risk control is the major driver in banks’ IT spending, and over 50% will increase spending in IT security. But while identity and access management is an important driver of IT investment, inhibitors to wider adoption – often exaggerated – remain. PARIS – Evidian, the identity and access management (IAM) company, announced the release of a European research paper on banks’ approaches to identity and access management. The Datamonitor paper is based on surveys and interviews performed in end 2008 and early 2009 among top IT managers of European banks. Main findings 1 - Operational risk failures can be as costly as a “toxic” asset portfolio The banking crisis revealed severe operational risk failures, including large-scale internal fraud, alongside credit and market exposure failures. The traditional “silo” approach to risk management, where market, credit and operational risk are managed separately, has proved inadequate. Bank IT executives therefore expect operational risk management to assume a more central role, with a focus on security and auditability. 2 - Operational risk is still the Cinderella of risk management disciplines Although operational risk was given newly significant standing by Basel II, many banks continue to struggle with their approach. Operational risk management is resented by traders and business managers, which hinders risk control efforts. As a result, many security projects were cancelled or postponed in 2008, despite IT’s keen awareness of the need to reduce operational risk exposure. 3 - Identity and access management (IAM) can be a major contributor to risk reduction, despite perceived obstacles 20% of bank IT managers identify IAM as a key IT investment area and Datamonitor believes it to be a significant contributor to detect and control internal fraud. Strengthening access control is essential but not enough. Banks need control over the entire employee life cycle, and an easily exploitable bank-wide audit trail. Some perceived obstacles to IAM, such as costs or complexity, cause banks to rely on often-manual, therefore risky, in-house developments. 4 - Real-life implementation success of IAM requires more than technology To successfully reduce operational risk, IAM must be part of a thorough process review. Indeed, many banks are already eliminating walls between risk disciplines. Executive-level sponsorship is mandatory. Post-mortems often reveal that existing processes failed to work because full management support was lacking. Identity-centric business operations are essential. With ongoing mergers, staff reductions and state oversight, IAM can help banks reduce fraud and achieve business targets. Consult the Datamonitor paper The full Datamonitor white paper can be accessed at the following URL: http://www.evidian.com/iam/sectorial-solutions/wp-datamonitor.php Quotes “Identity and access management has a key role to play in mitigating operational risk, in particular in preventing and reducing internal fraud” says Martha Bennett, Datamonitor Research director, Financial Services Technology. “Despite some banks’ concerns about IAM, a well-managed IAM system can not only reduce operational risk, but also reduce compliance costs and deliver business benefits.” “This research confirms our experience of the banking market. By automating identity and access management procedures, our customers greatly simplify their operational risk reduction effort.” says Hassan Maad, COO of IAM software vendor Evidian. “Furthermore, IAM lowers banks’ operating expenses significantly by cutting help-desk workload and making bank employees more productive.” About Datamonitor Datamonitor is a world-leading provider of premium global business information, delivering independent data, analysis and opinion across the Automotive, Consumer Goods, Energy & Utilities, Financial Services, Logistics, Pharmaceutical & Healthcare, Retail and Technology industries. Combining its industry knowledge and experience, Datamonitor assists over 6000 of the world’s leading companies in making better strategic and operational decisions. About Evidian Evidian, an affiliate of Bull Group, is the European leader and one of the major worldwide vendors of identity and access management (IAM) software. Evidian has offices and partners throughout the world. Evidian software helps over 700 organizations in the world to improve their agility, enhance security and comply with laws and regulations, while reducing costs. For more information about Evidian software, offices and partners, visit www.evidian.com