Category Archives: Governance, Risk & Compliance

Q&A: The Impact of Basel III

Posted on by

Banks have feared the impending Basel III reforms for some time now. We have covered the topic in the past, both on the Monitor (the most recent Basel III-related post here) and in Risk Management (our April 2010 issue).

Starting tomorrow, regulators will come together for a two-day meeting of the Basel Committee on Banking Supervision. The purpose of the meeting is to come to an agreement on liquidity and the quality of capital to fill gaps in an overhaul of rules known as Basel III. Earlier this month, the G-20 endorsed the Basel reforms.

To get a bit of insight on the matter and how the reforms will affect insurers, I contacted Adam Girling, principal at the Financial Services Office of Ernst & Young, with a few questions on the topic.

How will the largest global investment banks deal with the impact of Basel reforms?

Adam Girling: One of the most significant impacts of the new Basel reforms is the substantial increase in capital requirements for trading book exposures, which are those positions held on a short-term basis with the intent to trade. The Basel Committee Quantitative Impact Study (QIS) and industry estimates suggest that risk-weighted assets for many trading portfolios will rise under the new requirements by three to four times on average, and potentially more for some portfolios. Particularly hard hit are securitization exposures. The global banking organizations with sizeable trading portfolios are looking at where their capital requirements are increasing most and whether they need to bring capital requirements down by hedging or unwinding positions — although liquidity of positions remains an issue. Coupled with the analysis of changing capital requirements are new Basel III leverage and liquidity coverage standards, as well as industry reforms around over-the-counter (OTC) derivatives and proprietary trading. So institutions are reviewing their business strategies and considering which businesses to exit stay the course or grow given the combined impact of changing market dynamics and new regulatory constraints.

Do you think economic growth will be hampered by Basel III bank capital standards?

AG: This is a profound question and there is certainly a divergence of views. For example, the Institute of International Finance (IIF) analysis suggests a potentially large impact, while the Basel Committee itself projects a quite limited impact. Theoretically, the extended implementation period should provide an opportunity to identify potential unintended consequences and an opportunity to make adjustments as, and if, necessary. The biggest risks are likely in the transition phase. The Basel committee has calculated that with the long transition periods retained earnings can boost capital ratios sufficiently, but the industry may set expectations for banks to meet the new standards sooner. If this is the case, banks will either need to raise extra capital or will need to reduce the risk in their balance sheets — potentially via changing their lending profiles to maintain an acceptable rate of return on equity.

How will the Basel reforms affect insurers?

AG: Basel II applies to banking organizations and Basel III does not propose to change those subject to the risk-based capital standards.  In the US, Basel II has, to date, only applied to the largest and most internationally active banking companies on a consolidated basis. And to my knowledge, none of these institutions have a top-tier parent that is an insurance company. If any insurance companies were deemed systemically significant under the Dodd-Frank Wall Street Reform and Consumer Protection Act, it is quite possible that the enhanced capital and liquidity requirements to which they would be subject would incorporate Basel III. In Europe, however, Solvency II is enhancing risk-based capital for insurers using a three pillar framework similar to Basel II.

November Issue of Risk Management Now Online

Posted on by

It’s that time again — a new issue of Risk Management magazine is now online. The cover story in our November issue celebrates the 100th anniversary of the modern U.S. workers compensation system and highlights the fact that even though workers comp is only 100 years old, its principles date back a millennium.

Additional features in the newest issue are a first-hand account by Michael Cawley of 25 lessons learned during his 25 years as a risk manager, the pros and cons of cloud computing and seven steps to building a successful workers comp program.

Our columns explore topics such as the rise in workplace suicides, the largest data breach in history, regulatory uncertainty within the insurance industry, the Red Flags Rule, and human clinical trial insurance in South Korea. Also included are monthly staples such as our articles highlighting recent industry reports (Findings) and our book reviews (Shelf Life).

If you enjoy what you seen online, you can subscribe to the print edition to enjoy even more content.

Please let us know what you think in the comments below. And stay tuned to the blog for even more coverage in the future. Lastly, you can follow the magazine on Twitter“like” us on Facebook and join our LinkedIn group.

Q&A: Security Information and Event Management

Posted on by

Though a relatively new idea, Security Information and Event Management (SIEM) has evolved to become an important tool used on networks to centralize the storage of logged events. SIEM works a little like this: computer networks generate events that are kept in event logs.

buy tobradex online azimsolutions.com/wp-content/uploads/2023/10/jpg/tobradex.html no prescription pharmacy

These logs are, more or less, a list of activities that occurred on the networked computers. SIEM is software that organizes and stores these records.

SIEMs are often used to help satisfy U.S. regulatory requirements such as Sarbanes-Oxley and PCI-DSS. Wanting to know more about SIEM, I contacted Alison Andrews, CEO of Vigilant LLC.

Can you further explain SIEM for those who are unfamiliar?

Alison Andrews: SIEM stands for Security Information and Event Management. These products centralize log information and other security data, and correlate information from multiple sources in real time. When well-implemented, this enables centralization of many security management functions through a single console, makes incident response and forensics much more efficient, and delivers comprehensive reporting for audit and other purposes.

buy xtandi online azimsolutions.com/wp-content/uploads/2023/10/jpg/xtandi.html no prescription pharmacy

The most flexible SIEM products also enable integration of business context data for fraud detection, loss prevention, and monitoring of other transactional events that are critical to business risk management.

What should a company expect from SIEM?

Andrews: SIEM buyers should expect to achieve measurable efficiencies in daily security operations, and greater business-oriented security intelligence. By reducing the number of analysts needed to respond to security alerts, headcount can be reassigned to more proactive functions. A solid SIEM implementation should generate reports and dashboards for role-based visibility into the state of the entire enterprise from a security perspective.

This visibility should certainly be designed to support real-time monitoring workflow. But it should also support business decision-making by IT managers and executives concerned with overall IT and business risk – the people who make budget decisions, and need assurance that critical assets are protected and that security, overall, is improving over time.

What are the best management processes for SIEM?

Andrews: First, it’s very important to deploy methodically, and in phases. Second, you need clearly defined roles for how the SIEM filters, correlation rules, and other components, will be refined and updated over time. Third, companies that are most successful with SIEM have high-level executive sponsorship and see it as a tool that serves more than the immediate needs of IT security teams.

Over time, a mature SIEM deployment can provide increasingly sophisticated functions across the whole IT organization, and can directly support the risk management needs of many departments and business units.

What are the risks associated with SIEM?

Andrews: A haphazard process of deploying SIEM, without regard for the specific information you need to see, causes many problems. You can end up collecting more data than is reasonable to store, or bog down system performance. Worst case, without the right configurations, you can end up falsely assuming that the environment is more secure than it really is, leaving you open to preventable security incidents and audit deficiencies.

Are there risks that require custom management?

buy suhagra online azimsolutions.com/wp-content/uploads/2023/10/jpg/suhagra.html no prescription pharmacy

Andrews: SIEM is a powerful tool, but you can’t rely only on what comes out of the box. Every SIEM requires at least some measure of customization, and will return value proportionate to what you put into it.  These days, no one can afford  cost-consuming  products that can’t be justified. So in making a SIEM investment you need to consider not only the cost of the product and initial installation, but how you will develop it over time.

The good news is that as the SIEM market has matured, the products provide more out-of-the-box value than ever before, and there are well-established options and best practices for making optimal use of the technology that can fit various budget levels, whether you decide to do it in-house or get outside help.

computer network

NYSE Commission: Boards’ Focus Should be Long-term

Posted on by

Following the financial crisis, the New York Stock Exchange’s Commission on Corporate Governance has found that corporate boards should focus more on long-term growth, instead of short-term gains.

The year-long examination also found that managers should be more involved in corporate governance and boards should not rely too heavily on legislation and agency rule-making in establishing corporate governance strategies.

“We think this is really important today because, more than ever before, boards are confronted with pressure to act to increase shareholder prices in the short-term — including facing pressure to take actions that may lead to a short-term increase in shareholder value at the expense of long-term, sustainable growth.”

The panel, chaired by Larry Sonsini, chairman of law firm Wilson Sonsini Goodrich & Rosati, recommended the following 10 core principles to improve corporate governance and the proxy voting process:

  1. The board’s fundamental objective should be to build long­-term sustainable growth in shareholder value for the corporation, and the board is accountable to shareholders for its performance in achieving this objective.
  2. While the board’s responsibility for corporate governance has long been established, the critical role of management in establishing proper corporate governance has not been sufficiently recognized. The Commission believes that a key aspect of successful governance depends upon successful management of the company, as management has primary responsibility for creating an environment in which a culture of performance with integrity can flourish.
  3. Shareholders have the right, a responsibility and a long-­term economic interest to vote their shares in a thoughtful manner, in recognition of the fact that voting decisions influence director behavior, corporate governance and conduct, and that voting decisions are one of the primary means of communicating with companies on issues of concern.
  4. Good corporate governance should be integrated with the company’s business strategy and objectives and should not be viewed simply as a compliance obligation separate from the company’s long-­term business prospects.
  5. Legislation and agency rule­-making are important to establish the basic tenets of corporate governance and ensure the efficiency of our markets. Beyond these fundamental principles, however, the Commission has a preference for market­-based governance solutions whenever possible.
  6. Good corporate governance includes transparency for corporations and investors, sound disclosure policies and communication beyond disclosure through dialogue and engagement as necessary and appropriate.
  7. While independence and objectivity are necessary attributes of board members, companies must also strike the right balance between the appointment of independent and non­independent directors to ensure that there is an appropriate range and mix of expertise, diversity and knowledge on the board.
  8. The Commission recognizes the influence that proxy advisory firms have on the market, and believes that such firms should be held to appropriate standards of transparency and accountability. The Commission commends the SEC for its issuance of the Concept Release on the U.S. Proxy System, which includes inviting comments on how such firms should be regulated.
  9. The SEC should work with the NYSE and other exchanges to ease the burden of proxy voting and communication while encouraging greater participation by individual investors in the proxy voting process.
  10. The SEC and/or the NYSE should consider a wide range of views to determine the impact of major corporate governance reforms on corporate performance over the last decade. The SEC and/or the NYSE should also periodically assess the impact of major corporate governance reforms on the promotion of sustainable, long-­term corporate growth and sustained profitability.

Sonsini stressed that the commission can only recommend these principles. The success of them depends on a company’s willingness to implement and maintain such initiatives.